Report - derakh.vxx8na.badfolk.org/new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t

Report Overview

Visitedpublic

2023-12-08 08:55:25

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aadcdn.msauth.net	1421	2018-10-25	2018-11-19 11:50:03	2023-12-07 18:13:05	2.6 kB	24 kB	13.107.213.53
www.office.com	2755	1999-04-20	2014-02-12 02:02:36	2023-12-08 02:26:00	1.2 kB	2.7 kB	13.107.6.156
derakh.vxx8na.badfolk.org	unknown	unknown	No data	No data	444 B	543 B	103.68.166.129
pub-d89e3188311c46f49978b9555d4c9596.r2.dev	unknown	2022-08-23	2023-07-11 08:36:29	2023-12-08 06:57:08	1.1 kB	131 kB	104.18.3.35
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-08 08:16:59	449 B	31 kB	151.101.66.137
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2023-12-07 05:32:35	460 B	205 B	64.185.227.156
login.microsoftonline.com	25	2002-07-09	2017-02-19 08:06:40	2019-07-18 10:58:27	4.0 kB	40 kB	20.190.177.19
smtpjs.com	309535	2016-01-30	2016-02-01 17:59:05	2023-12-08 06:57:08	435 B	1.2 kB	109.169.71.112
aadcdn.msftauth.net	1455	2018-10-25	2018-11-19 11:50:32	2023-12-07 05:16:42	5.9 kB	308 kB	152.199.23.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-08 08:55:14	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-08 08:55:14	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-08 08:55:14	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-08 08:55:14	low	Client IP	64.185.227.156	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-08	medium	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html	Outlook
2023-12-08	medium	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	smtpjs.com/v3/smtp.js	ScriptElement	868 B	2023-03-07	2025-08-09
URL smtpjs.com/v3/smtp.js IP / ASN 109.169.71.112 #20860 Iomart Cloud Services Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-09 Times Seen 2110 Size 868 B (868 bytes) MD5 73572da03234fa6d561c64b59c152230 SHA1 5de5efc900b7eaf2b93b02f7c4c260fa938ef983 SHA256 1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776 Format Code Loading...

	login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392	ScriptElement	11 kB	2024-08-20	2024-08-20
URL login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 IP / ASN 20.190.177.19 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 11 kB (10920 bytes) MD5 d3c3cc03161f7089c622d19f09f01c51 SHA1 ce25c0c94b487665ef7f9e8dd3dbb54c4d07126d SHA256 c979856e7c04800902cb5914956ff056e5dfc54705ca79cca265653b77fb19e5 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wWHZk3_dPcvlSWi1mmOmnTF-8dZpr_j4BCr2OvIYVqFsYXyHJ_tefsBgwJeLIYarhAMZGAZdQ6QI7GJZMrT0s-ftqe3cznvta1YUydxKLQySn2G778YahyLql-9PlUD&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	11 kB	2024-08-20	2024-08-20
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wWHZk3_dPcvlSWi1mmOmnTF-8dZpr_j4BCr2OvIYVqFsYXyHJ_tefsBgwJeLIYarhAMZGAZdQ6QI7GJZMrT0s-ftqe3cznvta1YUydxKLQySn2G778YahyLql-9PlUD&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.19 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 11 kB (11105 bytes) MD5 6a720e2049463d3593f47a052d4435d6 SHA1 9b02c553ceecdc4abbf22e71322d070dccfbe43b SHA256 c3ce83798dc9835cdf57d15cd96dbc94e80124436273ef42dcf431adeaf91ce4 Format Code Loading...

	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com	ScriptElement	3.2 kB	2023-12-08	2024-08-20
URL pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2023-12-08 Last Seen 2024-08-20 Times Seen 204 Size 3.2 kB (3237 bytes) MD5 118a77c10b3a777b9a88138683517a85 SHA1 8f54de183632e6368dec071cdd9f67b3b0438ff4 SHA256 32281321ec3e63999e67678d78727438d5e1dee8ce2769bdf374ca80dfd7f886 Format Code Loading...

	login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392	ScriptElement	12 kB	2023-06-14	2025-04-25
URL login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 IP / ASN 20.190.177.19 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-06-14 Last Seen 2025-04-25 Times Seen 11521 Size 12 kB (12281 bytes) MD5 bbcef4a154c1228c1c97c4ef01a30ada SHA1 23daa3a4d9b0a6310edd3882191ec6ab51ce6b4f SHA256 6fa6c39c879b2fb55cfd9d0258916c68b5f750ae42312f510e44a4451f06e272 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	11 kB	2024-08-20	2024-08-20
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.20 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 11 kB (11108 bytes) MD5 3440f9dffef569552d7dad7bb2e81fdb SHA1 24fa4973664502af21f05bacba9b32e4d25c5512 SHA256 427d5224e912f5980a60d800732ab9610924599b8181a822023c3c327ba28720 Format Code Loading...

	aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js	ScriptElement	120 kB	2023-03-08	2025-08-08
URL aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js IP / ASN 152.199.23.37 #15133 EDGECAST Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-08 Last Seen 2025-08-08 Times Seen 14146 Size 120 kB (119648 bytes) MD5 75cf78d0e38c65a538ad253ca9e48dbe SHA1 bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6 SHA256 df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	402 B	2023-03-26	2025-08-09
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.20 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-26 Last Seen 2025-08-09 Times Seen 59098 Size 402 B (402 bytes) MD5 87efd6715519349131af142156db73f5 SHA1 c97a4e521b65745b007efc70d310bc3d881592e7 SHA256 03bde50da68e75d14367644f9f52809af9b55dbba6c171ce2c7b93523cdc5578 Format Code Loading...

	unknown	DomTimer	241 B	2023-10-31	2025-01-09
URL IP / ASN 0.0.0.0 #0 Introduced by DomTimer Embedded false Resource Info First Seen 2023-10-31 Last Seen 2025-01-09 Times Seen 1168 Size 241 B (241 bytes) MD5 5cb28f4fb234a13e4ef72986a4191561 SHA1 aadcaab83ba6a7bfcf718eecd4177595cc45c562 SHA256 f5b5b00c6360e697fd33fd27b2171e49a65a8b8c49b9ddc6107940cb607ac123 Format Code Loading...

	api.ipify.org/?format=jsonp&callback=getPublic	ScriptElement	33 B	2023-03-07	2025-06-22
URL api.ipify.org/?format=jsonp&callback=getPublic IP / ASN 64.185.227.156 #18450 WEBNX Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-06-22 Times Seen 1525 Size 33 B (33 bytes) MD5 b1fdb43145cf7c3f6f2a1370889232f1 SHA1 19cd287ba1ffae5908cf8d53d13abc302dac6f9c SHA256 9a751b74811a7c42413bc5109600706395ac8a8c057f7e6a55fc45b7ea41b191 Format Code Loading...

	aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js	ScriptElement	183 kB	2023-10-31	2024-09-20
URL aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js IP / ASN 152.199.23.37 #15133 EDGECAST Introduced by ScriptElement Embedded false Resource Info First Seen 2023-10-31 Last Seen 2024-09-20 Times Seen 1170 Size 183 kB (182930 bytes) MD5 be630e623d7ee30720abfe258d7e77f9 SHA1 28e1655eac90fc1f5a93f16366739ddfc9f04638 SHA256 87e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9 Format Code Loading...

	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com	ScriptElement	235 B	2023-03-07	2025-05-08
URL pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-05-08 Times Seen 1518 Size 235 B (235 bytes) MD5 d5663ca14896beb4426cb2b7d4d1f91a SHA1 b13ce03a3f77e79bd161408887f4678d351efa02 SHA256 fe682d3a5bc92582598075d4fdce81ab9b112e785eaaf855f841f78f33dd3080 Format Code Loading...

	pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com	ScriptElement	0 B	0001-01-01	2025-08-09
URL pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-09 Times Seen 5738357 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	4.2 kB	2023-10-31	2025-06-26
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.20 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-10-31 Last Seen 2025-06-26 Times Seen 1176 Size 4.2 kB (4168 bytes) MD5 50eb9faffcfc4f56e8d5babbbd9cfe96 SHA1 f35f8ca2245390b09199e6f3aeb76480b2c540a0 SHA256 7ad506113198d4fdd9774dce119a61881bf39ffd1da7b92eec5b290c96a01a90 Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	593 B	2023-10-31	2025-08-08
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.20 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-10-31 Last Seen 2025-08-08 Times Seen 1220 Size 593 B (593 bytes) MD5 130d91ea1e7ea7721687440cd741e93e SHA1 4883e88e0b99498d9cf23331dc9fee04b36a4162 SHA256 4db3ace66daacec4548d13dd8f9124459a2ba4dc539ca5ab03b725e0486a14e3 Format Code Loading...

	code.jquery.com/jquery-3.1.1.min.js	ScriptElement	87 kB	2023-03-07	2025-08-09
URL code.jquery.com/jquery-3.1.1.min.js IP / ASN 151.101.66.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-09 Times Seen 120524 Size 87 kB (86709 bytes) MD5 e071abda8fe61194711cfc2ab99fe104 SHA1 f647a6d37dc4ca055ced3cf64bbc1f490070acba SHA256 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Format Code Loading...

	login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0	ScriptElement	106 B	2023-06-21	2025-08-08
URL login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 IP / ASN 20.190.177.20 #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by ScriptElement Embedded true Resource Info First Seen 2023-06-21 Last Seen 2025-08-08 Times Seen 1606 Size 106 B (106 bytes) MD5 b524b1297911a39f4a4d5165b932f781 SHA1 ab75fee67b6089f129830917a2e8c2fda6a23582 SHA256 7061d39ee40e8f7a47e5a0efb673e446080fbbfcbd38c4fdeaf37deb0c6df605 Format Code Loading...

HTTP Transactions (27)

URL IP Response Size

derakh.vxx8na.badfolk.org/new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t

103.68.166.129

149 B

URL HTTP

derakh.vxx8na.badfolk.org/new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t

IP / ASN

103.68.166.129

#38719 Dreamscape Networks Limited

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2023-12-08

Last Seen2023-12-08

Times Seen2

Size149 B (149 bytes)

MD5f7e820fa88d16e2ccdf9c24ba97494ae

SHA15cef1dafc4b2f7411b3c7d8c978d7ee1c6f64f6c

SHA2566ea00a280446eaf3ae2d858c4fcfbb4645191c3fc40c719dee0067175fedb491

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /new/YWtoaWxzaW5naC5wYXRpbEB1YnMuY29t HTTP/1.1
Host: derakh.vxx8na.badfolk.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Dec 2023 08:55:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 149
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=91489cf40b2538808250d06912e216f0; path=/
Upgrade: h2,h2c
Vary: Accept-Encoding
Content-Encoding: gzip

pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

104.18.3.35

20 kB

URL HTTPS

pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (64651), with CRLF line terminators

First Seen2023-12-08

Last Seen2024-08-20

Times Seen204

Size20 kB (20534 bytes)

MD58c5882e6702c337ea109a2b96793c460

SHA11b0745a7643762bd368cbbade524875ee2ca30ae

SHA2560ecbd9ed32cb678b3bb835f54ccba95bca19042944952a3d94042d6a6ca68064

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aas.html HTTP/1.1
Host: pub-d89e3188311c46f49978b9555d4c9596.r2.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://derakh.vxx8na.badfolk.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 08:55:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8c5882e6702c337ea109a2b96793c460"
Last-Modified: Fri, 08 Dec 2023 05:33:50 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8323c99f4a1356a8-OSL
Content-Encoding: gzip

GET code.jquery.com/jquery-3.1.1.min.js

151.101.66.137

200 OK

30 kB

URL GET HTTPS

code.jquery.com/jquery-3.1.1.min.js

IP / ASN

151.101.66.137

#54113 FASTLY

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeASCII text, with very long lines (32030)

First Seen2023-03-07

Last Seen2025-08-09

Times Seen120524

Size30 kB (30070 bytes)

MD5e071abda8fe61194711cfc2ab99fe104

SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D

ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

HTTP Headers

GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 08 Dec 2023 08:55:07 GMT
age: 7225106
x-served-by: cache-lga21947-LGA, cache-bma1639-BMA
x-cache: HIT, HIT
x-cache-hits: 119, 142893
x-timer: S1702025708.812391,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png

13.107.213.53

200 OK

207 B

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png

IP / ASN

13.107.213.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-05-10

Last Seen2025-08-08

Times Seen1597

Size207 B (207 bytes)

MD50ad43084800fd8b50a2576b5173746fe

SHA197c08e6062ff37f6e7a6c65e94d693ccc9ccd443

SHA2562c03ee38a4eba6a047c3a5bacb3eb461efe14be8acd46ae772350a4dea2f0175

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 207
content-type: image/png
content-md5: CtQwhIAP2LUKJXa1FzdG/g==
last-modified: Fri, 02 Nov 2018 20:25:24 GMT
etag: 0x8D6410151EBB082
x-cache: TCP_HIT
x-ms-request-id: e6429557-501e-0022-639b-29f044000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0NLByZQAAAAAE+SaD4MsTSJ+4LiDr4R8VQU1TMDRFREdFMTkxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 069lyZQAAAAATM5miQKnxS5GRwL0oHibHU1ZHMjBFREdFMDYxMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:55:07 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png

13.107.213.53

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png

IP / ASN

13.107.213.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 1057
content-type: image/png
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
last-modified: Fri, 02 Nov 2018 20:25:31 GMT
etag: 0x8D641015620C409
x-cache: TCP_HIT
x-ms-request-id: 0913678a-d01e-0016-1a09-297d5d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0NLByZQAAAAB+itJCws8PRYkJqNidBC0qQU1TMDRFREdFMTgxNAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 069lyZQAAAAAAWaAiHI65TKdVwzhP+bUtU1ZHMjBFREdFMDYxMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:55:07 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

13.107.213.53

200 OK

673 B

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

IP / ASN

13.107.213.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators

First Seen2023-04-12

Last Seen2025-08-09

Times Seen86359

Size673 B (673 bytes)

MD5bc3d32a696895f78c19df6c717586a5d

SHA19191cb156a30a3ed79c44c0a16c95159e8ff689d

SHA2560e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 673
content-type: image/svg+xml
content-encoding: gzip
content-md5: DhdidjYrlCeaRJJRG/y9mA==
last-modified: Thu, 13 Feb 2020 02:05:12 GMT
etag: 0x8D7B0292911C366
x-cache: TCP_HIT
x-ms-request-id: ed96d3ae-e01e-000d-74ab-26e868000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0kedtZQAAAACupD86JF1LQampgMI1tRAVQU1TMDRFREdFMTkxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 069lyZQAAAAC8bSM6d+kRQKkrA+xE4dJmU1ZHMjBFREdFMDYxMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:55:07 GMT
X-Firefox-Spdy: h2

GET aadcdn.msauth.net/ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png

13.107.213.53

200 OK

240 B

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png

IP / ASN

13.107.213.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typePNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-27

Last Seen2025-08-09

Times Seen12115

Size240 B (240 bytes)

MD57cc096da6aa2dba3f81fcc1c8262157c

SHA1a50776316f0220ed7cd7882a68c742a8861c999d

SHA256ab50358475adae73a435466c72d1a48ab124e8ae06614663716a46dce5ac8b83

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 240
content-type: image/png
content-md5: fMCW2mqi26P4H8wcgmIVfA==
last-modified: Fri, 02 Nov 2018 20:25:10 GMT
etag: 0x8D64101494D74DC
x-cache: TCP_HIT
x-ms-request-id: 92018a62-801e-000b-1e7e-251264000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0kedtZQAAAABCMc/HGzVeSJRo0ikq9R++QU1TMDRFREdFMTgxNgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 069lyZQAAAAA7Cgdm0wwNT7LV0sa/2kJ3U1ZHMjBFREdFMDYxMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:55:07 GMT
X-Firefox-Spdy: h2

GET www.office.com/estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F

13.107.6.156

302 Found

0 B

URL GET HTTPS

www.office.com/estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F

IP / ASN

13.107.6.156

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-09

Times Seen5738357

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerMicrosoft Corporation

Subjectportal.office.com

FingerprintD1:DA:D6:CC:38:6B:DB:BB:03:27:D0:A9:DF:4F:CF:72:9E:E7:92:F4

ValidityMon, 04 Dec 2023 17:51:23 GMT - Thu, 28 Nov 2024 17:51:23 GMT

HTTP Headers

GET /estslogout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F HTTP/1.1
Host: www.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
location: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wWHZk3_dPcvlSWi1mmOmnTF-8dZpr_j4BCr2OvIYVqFsYXyHJ_tefsBgwJeLIYarhAMZGAZdQ6QI7GJZMrT0s-ftqe3cznvta1YUydxKLQySn2G778YahyLql-9PlUD&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0
vary: Accept-Encoding
set-cookie: OH.SID=03b14651-80e9-4db3-ae87-33f387e730b2; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-noe; expires=Fri, 08 Dec 2023 16:55:07 GMT; path=/; secure; samesite=none; httponly
OH.FLID=1ddf81e5-1911-427a-9271-1d86132061cb; expires=Sun, 08 Dec 2024 08:55:07 GMT; path=/; secure; samesite=none; httponly
MUID=2EB47479FBBD652311C66798FA9164C1; path=/; secure; expires=Wed, 01-Jan-2025 08:55:07 GMT; domain=office.com
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 2168AFB393C84DF29C43F288F60585FD Ref B: SVG20EDGE0118 Ref C: 2023-12-08T08:55:07Z
date: Fri, 08 Dec 2023 08:55:07 GMT
content-length: 0
X-Firefox-Spdy: h2

GET www.office.com/estslogout?ru=/

13.107.6.156

302 Found

0 B

URL GET HTTPS

www.office.com/estslogout?ru=/

IP / ASN

13.107.6.156

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-09

Times Seen5738357

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerMicrosoft Corporation

Subjectportal.office.com

FingerprintD1:DA:D6:CC:38:6B:DB:BB:03:27:D0:A9:DF:4F:CF:72:9E:E7:92:F4

ValidityMon, 04 Dec 2023 17:51:23 GMT - Thu, 28 Nov 2024 17:51:23 GMT

HTTP Headers

GET /estslogout?ru=/ HTTP/1.1
Host: www.office.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
location: https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0
vary: Accept-Encoding
set-cookie: OH.SID=4d0bb090-c801-4bcc-b85a-498344629d8d; path=/; secure; samesite=none; httponly
OH.DCAffinity=OH-noe; expires=Fri, 08 Dec 2023 16:55:07 GMT; path=/; secure; samesite=none; httponly
OH.FLID=116f344c-d9c1-496a-a77d-0d3f555d41e2; expires=Sun, 08 Dec 2024 08:55:07 GMT; path=/; secure; samesite=none; httponly
MUID=3AA4EA8382F86D6D1122F96283D46C1F; path=/; secure; expires=Wed, 01-Jan-2025 08:55:07 GMT; domain=office.com
request-context: appId=
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge,chrome=1
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 10BB9898F7B3415CB09AFF73746D9B55 Ref B: SVG20EDGE0118 Ref C: 2023-12-08T08:55:07Z
date: Fri, 08 Dec 2023 08:55:07 GMT
content-length: 0
X-Firefox-Spdy: h2

GET login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

20.190.177.19

200 OK

11 kB

URL GET HTTPS

IP / ASN

20.190.177.19

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10900), with CRLF, LF line terminators

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size11 kB (11164 bytes)

MD5bdc31b44566270280067caf374b5be45

SHA16c124bcb329f4f9da8e7131b0e1641d28b1d1e56

SHA25626609a69d3af9193cee18329ce28c6d5c309a16527c49aeb0394067240de3f04

Certificate Info

IssuerDigiCert Inc

Subjectstamp2.login.microsoftonline.com

Fingerprint2E:B3:86:45:AB:31:92:6E:11:85:D8:B1:22:CC:4C:E3:41:D7:48:04

ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 21 Nov 2024 23:59:59 GMT

HTTP Headers

GET /logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 0764e7f2-0d4d-4222-940f-3866f1d50d00
x-ms-ests-server: 2.1.16919.4 - WEULR1 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P8aYysEucpx4exzhY-xXZ04BLWv-gSRf-ZpF5S-utSvTqouTQkhbfxotzMETnGiy363lNjtDmF4dQ; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Thu, 08-Dec-2033 08:55:07 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Thu, 08-Dec-2033 08:55:07 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P-gaIqLFsUiacyIWU8BSbgz8KByCdR2h0XXTrwvFLD5pHrlo-NQ9gKWyqvebQujyex_BVplZgEVFg; domain=.login.microsoftonline.com; expires=Thu, 07-Mar-2024 08:55:07 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_lffSAqBPhxXcR-MlGmgGp8pvtEXGECRbu4bhg4tZozkCLLrD0LxPvbnBz0nFb6ft5fcEyigmatw; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-Dt86hgJI04biTiVgSTvWKGX6UmlLgztLLEtINlnA03QZjf-tUaaORHzK4DuwdmoJjvnn89BgtLqSq2shQOSv0OqtpWQdZLeu56iRRjCqMJsgAA; expires=Sun, 07-Jan-2024 08:55:07 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Ah-MfE_dmKBDmDvxyBFvbzw; expires=Sun, 07-Jan-2024 08:55:07 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-lMsQ-hkDFbHyxUPZHsLyPTk_ye6U5sw3q1j8FSHUYq_HuopyJywv-ffxDPeLA-jZTmBEla6BMBGg0JcuWtCVG3n2MPEBTDRvJot6F_NDLNa-m5NQMf8EFVAdVJ-yDrVYmTMfxixfMzDwd_j5u-YokwRDh_x7NWkxxsf4hUNL_1MgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 08 Dec 2023 08:55:07 GMT
Content-Length: 11164

GET smtpjs.com/v3/smtp.js

109.169.71.112

200 OK

871 B

URL GET HTTPS

smtpjs.com/v3/smtp.js

IP / ASN

109.169.71.112

#20860 Iomart Cloud Services Limited

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeUnicode text, UTF-8 (with BOM) text, with very long lines (841), with CRLF line terminators

First Seen2023-04-05

Last Seen2025-03-01

Times Seen1896

Size871 B (871 bytes)

MD53834e1b9e65ca954b7479464ea1e5118

SHA1437df45dbf59c3a3414236f44e3bcd5045bfe314

SHA256fc33c6b2c79aafa930e841962ae3c25bf8f56cbc20ec48fc2b0ddd0aa6ee23b6

Certificate Info

IssuerLet's Encrypt

Subjectsmtpjs.com

Fingerprint80:11:F5:EE:07:C3:FF:C6:7A:51:CC:25:CE:9E:03:8D:A4:6E:65:81

ValiditySat, 11 Nov 2023 02:15:38 GMT - Fri, 09 Feb 2024 02:15:37 GMT

HTTP Headers

GET /v3/smtp.js HTTP/1.1
Host: smtpjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 10 Nov 2020 17:17:51 GMT
accept-ranges: bytes
etag: "162f436b85b7d61:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Fri, 08 Dec 2023 08:55:07 GMT
content-length: 871
X-Firefox-Spdy: h2

GET login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wWHZk3_dPcvlSWi1mmOmnTF-8dZpr_j4BCr2OvIYVqFsYXyHJ_tefsBgwJeLIYarhAMZGAZdQ6QI7GJZMrT0s-ftqe3cznvta1YUydxKLQySn2G778YahyLql-9PlUD&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

20.190.177.19

200 OK

11 kB

URL GET HTTPS

login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wWHZk3_dPcvlSWi1mmOmnTF-8dZpr_j4BCr2OvIYVqFsYXyHJ_tefsBgwJeLIYarhAMZGAZdQ6QI7GJZMrT0s-ftqe3cznvta1YUydxKLQySn2G778YahyLql-9PlUD&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

IP / ASN

20.190.177.19

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size11 kB (11305 bytes)

MD520f15840a4882dd32f8538432274f175

SHA168988403d861d707c38f75a1455cc15174c71073

SHA256484376ce0cc4d8810baf5bed1580716c10df59c6e27031fcacb3e89fe3e241e7

Certificate Info

IssuerDigiCert Inc

Subjectstamp2.login.microsoftonline.com

Fingerprint2E:B3:86:45:AB:31:92:6E:11:85:D8:B1:22:CC:4C:E3:41:D7:48:04

ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 21 Nov 2024 23:59:59 GMT

HTTP Headers

GET /common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wWHZk3_dPcvlSWi1mmOmnTF-8dZpr_j4BCr2OvIYVqFsYXyHJ_tefsBgwJeLIYarhAMZGAZdQ6QI7GJZMrT0s-ftqe3cznvta1YUydxKLQySn2G778YahyLql-9PlUD&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P8aYysEucpx4exzhY-xXZ04BLWv-gSRf-ZpF5S-utSvTqouTQkhbfxotzMETnGiy363lNjtDmF4dQ; ESTSSSOTILES=1; AADSSOTILES=1; ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P-gaIqLFsUiacyIWU8BSbgz8KByCdR2h0XXTrwvFLD5pHrlo-NQ9gKWyqvebQujyex_BVplZgEVFg; ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_lffSAqBPhxXcR-MlGmgGp8pvtEXGECRbu4bhg4tZozkCLLrD0LxPvbnBz0nFb6ft5fcEyigmatw; ESTSAUTHLIGHT=+; buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-Dt86hgJI04biTiVgSTvWKGX6UmlLgztLLEtINlnA03QZjf-tUaaORHzK4DuwdmoJjvnn89BgtLqSq2shQOSv0OqtpWQdZLeu56iRRjCqMJsgAA; fpc=Ah-MfE_dmKBDmDvxyBFvbzw; esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-lMsQ-hkDFbHyxUPZHsLyPTk_ye6U5sw3q1j8FSHUYq_HuopyJywv-ffxDPeLA-jZTmBEla6BMBGg0JcuWtCVG3n2MPEBTDRvJot6F_NDLNa-m5NQMf8EFVAdVJ-yDrVYmTMfxixfMzDwd_j5u-YokwRDh_x7NWkxxsf4hUNL_1MgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: fe74627a-1e75-445e-a03f-383bb6453100
x-ms-ests-server: 2.1.16878.5 - SEC ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_nLn6LwWvq_4TlbN0oCpaxiXLfg_-2nRoWaEXxF8KBuIaLnbaTL6X67ocpycXnsjrbP05oOMPnXw; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Thu, 08-Dec-2033 08:55:08 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Thu, 08-Dec-2033 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P8gCbo3GImVfLjXQdRJaaK8u0APSL14QV3EccnCjqUG2QGIVgvSpc8wMXDrUg7lhBFfh9MB0iBNVQ; domain=.login.microsoftonline.com; expires=Thu, 07-Mar-2024 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_MLQ8ZZyFuSzIv-WUo4EPmmGQNKJzTR-ENt7uzlzFAn3TWoNIh20O_8tOCD01_6o4ZDqh1oERxXg; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-Ke5WhHeWsqAaT1OuiGG9J6X_Z2w72nTiPqVnqoVBY3H54aqX9VtcPJK0IIQDSt_xxD8-Ua_eJUKz0eZnG-L6CQoslES4eN7BLWEfNEFtdqogAA; expires=Sun, 07-Jan-2024 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Ah-MfE_dmKBDmDvxyBFvbzw; expires=Sun, 07-Jan-2024 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 08 Dec 2023 08:55:08 GMT
Content-Length: 11305

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

152.199.23.37

200 OK

45 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

Resource Info

File typeASCII text, with very long lines (778)

First Seen2023-10-31

Last Seen2024-09-20

Times Seen1170

Size45 kB (44809 bytes)

MD5be630e623d7ee30720abfe258d7e77f9

SHA128e1655eac90fc1f5a93f16366739ddfc9f04638

SHA25687e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 4797656
cache-control: public, max-age=31536000
content-md5: gkCQOa5xTExKUB2dlzn2rA==
content-type: application/x-javascript
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DBCB6954BD7E87
last-modified: Thu, 12 Oct 2023 21:22:25 GMT
server: ECAcc (ska/F76D)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 12e7e930-401e-009f-1a11-fe344e000000
x-ms-version: 2009-09-19
content-length: 44809
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

152.199.23.37

200 OK

40 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typeASCII text, with very long lines (65450), with CRLF line terminators

First Seen2023-03-08

Last Seen2025-08-08

Times Seen14146

Size40 kB (40454 bytes)

MD575cf78d0e38c65a538ad253ca9e48dbe

SHA1bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6

SHA256df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 11680500
cache-control: public, max-age=31536000
content-md5: HWW92uTq7vx3y5z+zFZbXQ==
content-type: application/x-javascript
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8D8DA1D9D23143A
last-modified: Fri, 26 Feb 2021 06:13:19 GMT
server: ECAcc (ska/F6C8)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 84b07241-d01e-0027-5a78-bfb818000000
x-ms-version: 2009-09-19
content-length: 40454
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css

152.199.23.37

200 OK

20 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typeASCII text, with very long lines (61177)

First Seen2023-12-08

Last Seen2024-08-20

Times Seen1467

Size20 kB (20226 bytes)

MD5087cbf41bea0d506c90719671b6cad21

SHA16b937c0788b61572a829dfba228814b957350cce

SHA2565e47dd51ca94efccd58f4a7dc95a51744493292586fbe031e78f72508f0f4f89

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1759231
cache-control: public, max-age=31536000
content-md5: cclsNwaya3AD0ci2cGBnrw==
content-type: text/css
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DBE70343D336EF
last-modified: Fri, 17 Nov 2023 00:22:21 GMT
server: ECAcc (ska/F77A)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9f40a161-b01e-0098-79b4-19e540000000
x-ms-version: 2009-09-19
content-length: 20226
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

152.199.23.37

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 16243262
cache-control: public, max-age=31536000
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
content-type: image/png
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DB5C3F494E35F8
last-modified: Wed, 24 May 2023 10:11:48 GMT
server: ECAcc (ska/F791)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3c7794d4-a01e-005f-0ff8-95a2ec000000
x-ms-version: 2009-09-19
content-length: 1057
X-Firefox-Spdy: h2

GET api.ipify.org/?format=jsonp&callback=getPublic

64.185.227.156

200 OK

33 B

URL GET HTTPS

api.ipify.org/?format=jsonp&callback=getPublic

IP / ASN

64.185.227.156

#18450 WEBNX

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeASCII text, with no line terminators

First Seen2023-03-07

Last Seen2025-06-22

Times Seen1525

Size33 B (33 bytes)

MD5b1fdb43145cf7c3f6f2a1370889232f1

SHA119cd287ba1ffae5908cf8d53d13abc302dac6f9c

SHA2569a751b74811a7c42413bc5109600706395ac8a8c057f7e6a55fc45b7ea41b191

Certificate Info

IssuerSectigo Limited

Subject*.ipify.org

FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54

ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

HTTP Headers

GET /?format=jsonp&callback=getPublic HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.1
Date: Fri, 08 Dec 2023 08:55:08 GMT
Content-Type: application/javascript
Content-Length: 33
Connection: keep-alive
Vary: Origin

GET login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

20.190.177.20

200 OK

11 kB

URL GET HTTPS

login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

IP / ASN

20.190.177.20

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

First Seen2023-12-08

Last Seen2023-12-08

Times Seen1

Size11 kB (11310 bytes)

MD57d9ab5ec8f7af498b8d10672f0a52460

SHA18e27e7689617d1211ff6983be0b4f133b7d1a2e4

SHA25615963e1267b1e3fd5b8b33f59324d4e7bd09d5d949cb79c5ef43ac1348d4a4f3

Certificate Info

IssuerDigiCert Inc

Subjectstamp2.login.microsoftonline.com

Fingerprint2E:B3:86:45:AB:31:92:6E:11:85:D8:B1:22:CC:4C:E3:41:D7:48:04

ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 21 Nov 2024 23:59:59 GMT

HTTP Headers

GET /common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wZ2DxjZ_JUdOxsnSF-hRHrfwAEkbIoMHWEL7OOqarVySCaBrxdaxFIUOuUXHZahDW7GKVSS_vxWjlSN2CpSBVOhPmBAN1SdQXKaehbzw8zfkazwPs6-hFmdlxWyRlaS&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
DNT: 1
Connection: keep-alive
Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P8aYysEucpx4exzhY-xXZ04BLWv-gSRf-ZpF5S-utSvTqouTQkhbfxotzMETnGiy363lNjtDmF4dQ; ESTSSSOTILES=1; AADSSOTILES=1; ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P-gaIqLFsUiacyIWU8BSbgz8KByCdR2h0XXTrwvFLD5pHrlo-NQ9gKWyqvebQujyex_BVplZgEVFg; ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_lffSAqBPhxXcR-MlGmgGp8pvtEXGECRbu4bhg4tZozkCLLrD0LxPvbnBz0nFb6ft5fcEyigmatw; ESTSAUTHLIGHT=+; buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-Dt86hgJI04biTiVgSTvWKGX6UmlLgztLLEtINlnA03QZjf-tUaaORHzK4DuwdmoJjvnn89BgtLqSq2shQOSv0OqtpWQdZLeu56iRRjCqMJsgAA; fpc=Ah-MfE_dmKBDmDvxyBFvbzw; esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-lMsQ-hkDFbHyxUPZHsLyPTk_ye6U5sw3q1j8FSHUYq_HuopyJywv-ffxDPeLA-jZTmBEla6BMBGg0JcuWtCVG3n2MPEBTDRvJot6F_NDLNa-m5NQMf8EFVAdVJ-yDrVYmTMfxixfMzDwd_j5u-YokwRDh_x7NWkxxsf4hUNL_1MgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 4ae3e4b7-3dc2-4b08-b594-852ab9339800
x-ms-ests-server: 2.1.16790.9 - NEULR1 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: SignInStateCookie=CAgABAAIAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_D1l2lJ-B_Jovw42q0MCy2p98Lq8Y4JxXrWVl5ketiFUDTXvtU_8DqJT8WV10DnexKqGLBdVhTZw; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSSSOTILES=1; expires=Thu, 08-Dec-2033 08:55:08 GMT; path=/; secure; SameSite=None
AADSSOTILES=1; expires=Thu, 08-Dec-2033 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHPERSISTENT=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P_FZKqbxcDxGgc6VTtUvKRJRHW0JVnC947HVFA7ZLv4URz8BzdLM5vuX55-BhyuMwNW1BkBTTKoWw; domain=.login.microsoftonline.com; expires=Thu, 07-Mar-2024 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
ESTSAUTH=AgABAAQAAAAmoFfGtYxvRrNriQdPKIZ-AgDs_wUA9P9Mn5KYjDmMx3jvGCpf7GqMp2dy_qgCNW9mAPINdqLLGbUU6HfBleVvQhyq9ch1WoWVYiAxeH8YVQ; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
ESTSAUTHLIGHT=+; path=/; secure; SameSite=None
buid=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-SJ64FN6H8YU-EPBsXgU8r4N83RYs5fNYhBWFxhdNVXTQ0B4izDJtSvnost5NodzMwaDwZNJDQsZBCQ6V-qZeOcnqTc-xZbxyVMF3Wjq57_MgAA; expires=Sun, 07-Jan-2024 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
fpc=Ah-MfE_dmKBDmDvxyBFvbzw; expires=Sun, 07-Jan-2024 08:55:08 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Fri, 08 Dec 2023 08:55:07 GMT
Content-Length: 11310

GET aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

13.107.213.53

200 OK

17 kB

URL GET HTTPS

aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

IP / ASN

13.107.213.53

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byhttps://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html#akhilsingh.patil@ubs.com

Resource Info

File typeMS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data

First Seen2023-04-05

Last Seen2025-08-08

Times Seen156846

Size17 kB (17174 bytes)

MD512e3dac858061d088023b2bd48e2fa96

SHA1e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA25690cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msauth.net

Fingerprint88:95:0C:FA:9D:33:AA:BF:A4:FD:9D:84:A6:E8:02:06:58:50:AD:8C

ValiditySun, 29 Oct 2023 00:00:00 GMT - Tue, 29 Oct 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-d89e3188311c46f49978b9555d4c9596.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
content-length: 17174
content-type: image/x-icon
content-md5: EuPayFgGHQiAI7K9SOL6lg==
last-modified: Fri, 02 Nov 2018 20:25:25 GMT
etag: 0x8D6410152A9D7E1
x-cache: TCP_HIT
x-ms-request-id: 7ed70d83-301e-005c-5835-29a059000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 04pxyZQAAAADqs0vNUy2mQo2/T03+TRNyQU1TMDRFREdFMTgxOQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
x-azure-ref: 07NlyZQAAAACKYxu6/K5LRZ/IHo4MZO72U1ZHMjBFREdFMDYxMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
date: Fri, 08 Dec 2023 08:55:08 GMT
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css

152.199.23.37

200 OK

20 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.office.com%2F&state=7wWHZk3_dPcvlSWi1mmOmnTF-8dZpr_j4BCr2OvIYVqFsYXyHJ_tefsBgwJeLIYarhAMZGAZdQ6QI7GJZMrT0s-ftqe3cznvta1YUydxKLQySn2G778YahyLql-9PlUD&x-client-SKU=ID_NET6_0&x-client-ver=6.34.0.0

Resource Info

File typeASCII text, with very long lines (61177)

First Seen2023-09-21

Last Seen2024-08-22

Times Seen23596

Size20 kB (20208 bytes)

MD52ed8d5b2f2b901e92d03f9068812341a

SHA18470214fc8e246c3910bcb0eae9070d4abe3a389

SHA2561a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 7920179
cache-control: public, max-age=31536000
content-md5: znAMuOwBXwRYMjVZ8p4wCw==
content-type: text/css
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DBAF1F9F5D8653
last-modified: Wed, 06 Sep 2023 21:24:15 GMT
server: ECAcc (ska/F699)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a859188b-b01e-00e0-2bab-e14f51000000
x-ms-version: 2009-09-19
content-length: 20208
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

152.199.23.37

200 OK

40 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typeASCII text, with very long lines (65450), with CRLF line terminators

First Seen2023-03-08

Last Seen2025-08-08

Times Seen14146

Size40 kB (40454 bytes)

MD575cf78d0e38c65a538ad253ca9e48dbe

SHA1bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6

SHA256df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 11680500
cache-control: public, max-age=31536000
content-md5: HWW92uTq7vx3y5z+zFZbXQ==
content-type: application/x-javascript
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8D8DA1D9D23143A
last-modified: Fri, 26 Feb 2021 06:13:19 GMT
server: ECAcc (ska/F6C8)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 84b07241-d01e-0027-5a78-bfb818000000
x-ms-version: 2009-09-19
content-length: 40454
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

152.199.23.37

200 OK

45 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

IP / ASN

152.199.23.37

#15133 EDGECAST

Resource Info

File typeASCII text, with very long lines (778)

First Seen2023-10-31

Last Seen2024-09-20

Times Seen1170

Size45 kB (44809 bytes)

MD5be630e623d7ee30720abfe258d7e77f9

SHA128e1655eac90fc1f5a93f16366739ddfc9f04638

SHA25687e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 4797656
cache-control: public, max-age=31536000
content-md5: gkCQOa5xTExKUB2dlzn2rA==
content-type: application/x-javascript
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DBCB6954BD7E87
last-modified: Thu, 12 Oct 2023 21:22:25 GMT
server: ECAcc (ska/F76D)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 12e7e930-401e-009f-1a11-fe344e000000
x-ms-version: 2009-09-19
content-length: 44809
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

152.199.23.37

200 OK

40 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typeASCII text, with very long lines (65450), with CRLF line terminators

First Seen2023-03-08

Last Seen2025-08-08

Times Seen14146

Size40 kB (40454 bytes)

MD575cf78d0e38c65a538ad253ca9e48dbe

SHA1bf0452e4a42a9af3b69d5d8c3a3a0433f14921b6

SHA256df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 11680500
cache-control: public, max-age=31536000
content-md5: HWW92uTq7vx3y5z+zFZbXQ==
content-type: application/x-javascript
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8D8DA1D9D23143A
last-modified: Fri, 26 Feb 2021 06:13:19 GMT
server: ECAcc (ska/F6C8)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 84b07241-d01e-0027-5a78-bfb818000000
x-ms-version: 2009-09-19
content-length: 40454
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

152.199.23.37

200 OK

45 kB

URL GET HTTPS

aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js

IP / ASN

152.199.23.37

#15133 EDGECAST

Resource Info

File typeASCII text, with very long lines (778)

First Seen2023-10-31

Last Seen2024-09-20

Times Seen1170

Size45 kB (44809 bytes)

MD5be630e623d7ee30720abfe258d7e77f9

SHA128e1655eac90fc1f5a93f16366739ddfc9f04638

SHA25687e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 4797656
cache-control: public, max-age=31536000
content-md5: gkCQOa5xTExKUB2dlzn2rA==
content-type: application/x-javascript
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DBCB6954BD7E87
last-modified: Thu, 12 Oct 2023 21:22:25 GMT
server: ECAcc (ska/F76D)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 12e7e930-401e-009f-1a11-fe344e000000
x-ms-version: 2009-09-19
content-length: 44809
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

152.199.23.37

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 16243262
cache-control: public, max-age=31536000
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
content-type: image/png
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DB5C3F494E35F8
last-modified: Wed, 24 May 2023 10:11:48 GMT
server: ECAcc (ska/F791)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3c7794d4-a01e-005f-0ff8-95a2ec000000
x-ms-version: 2009-09-19
content-length: 1057
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

152.199.23.37

200 OK

1.1 kB

URL GET HTTPS

aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png

IP / ASN

152.199.23.37

#15133 EDGECAST

Requested byhttps://login.microsoftonline.com/logout.srf?ct=1548343592&rver=64.4.6456.0&lc=1033&id=501392

Resource Info

File typePNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced\012- data

First Seen2023-04-10

Last Seen2025-08-08

Times Seen3304

Size1.1 kB (1057 bytes)

MD5ed9c9eb0dce17d752bedea6b5acda6d9

SHA1eca56c4904354eed5da0debcd6bd66856ab4784d

SHA256f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Certificate Info

IssuerDigiCert Inc

Subjectaadcdn.msftauth.net

Fingerprint3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B

ValidityFri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT

HTTP Headers

GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 16243262
cache-control: public, max-age=31536000
content-md5: 7ZyesNzhfXUr7eprWs2m2Q==
content-type: image/png
date: Fri, 08 Dec 2023 08:55:08 GMT
etag: 0x8DB5C3F494E35F8
last-modified: Wed, 24 May 2023 10:11:48 GMT
server: ECAcc (ska/F791)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3c7794d4-a01e-005f-0ff8-95a2ec000000
x-ms-version: 2009-09-19
content-length: 1057
X-Firefox-Spdy: h2

GET pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

104.18.3.35

200 OK

110 kB

URL User Request GET HTTPS

pub-d89e3188311c46f49978b9555d4c9596.r2.dev/aas.html

IP / ASN

104.18.3.35

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (64651), with CRLF line terminators

First Seen2023-12-08

Last Seen2024-08-20

Times Seen204

Size110 kB (110092 bytes)

MD58c5882e6702c337ea109a2b96793c460

SHA11b0745a7643762bd368cbbade524875ee2ca30ae

SHA2560ecbd9ed32cb678b3bb835f54ccba95bca19042944952a3d94042d6a6ca68064

Certificate Info

IssuerLet's Encrypt

Subject*.r2.dev

Fingerprint91:F0:8B:D3:AA:FC:86:18:F9:F2:29:EB:98:8C:D8:5A:3A:76:5C:CF

ValidityWed, 11 Oct 2023 17:13:53 GMT - Tue, 09 Jan 2024 17:13:52 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /aas.html HTTP/1.1
Host: pub-d89e3188311c46f49978b9555d4c9596.r2.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://derakh.vxx8na.badfolk.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Dec 2023 08:55:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"8c5882e6702c337ea109a2b96793c460"
Last-Modified: Fri, 08 Dec 2023 05:33:50 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8323c99f4a1356a8-OSL
Content-Encoding: gzip