hxxps://swiftconstruction[.]us22[.]list-manage[.]com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b[//]/#/?/yvette@marioncountyclerk[.]org##

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 12:51 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://swiftconstruction.us22.list-manage.com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b///#/?/yvette@marioncountyclerk.org##

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
1804	msedge.exe
1804	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 3916	1804	msedge.exe	83
PID 1804 wrote to memory of 3916	1804	msedge.exe	83
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 4072	1804	msedge.exe	84
PID 1804 wrote to memory of 2820	1804	msedge.exe	85
PID 1804 wrote to memory of 2820	1804	msedge.exe	85
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86
PID 1804 wrote to memory of 4036	1804	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://swiftconstruction.us22.list-manage.com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b///#/?/yvette@marioncountyclerk.org##
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13387692906837758353,5483304326568365934,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

Network

DNS

swiftconstruction.us22.list-manage.com

msedge.exe

Remote address:

8.8.8.8:53

Request

swiftconstruction.us22.list-manage.com

IN A

Response

swiftconstruction.us22.list-manage.com

IN CNAME

swc.list-manage.com.edgekey.net

swc.list-manage.com.edgekey.net

IN CNAME

e13829.x.akamaiedge.net

e13829.x.akamaiedge.net

IN A

88.221.11.19
GET

https://swiftconstruction.us22.list-manage.com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b///

msedge.exe

Remote address:

88.221.11.19:443

Request

GET /track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b/// HTTP/2.0
host: swiftconstruction.us22.list-manage.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

content-type: text/html;charset=utf-8
content-length: 20
x-spanid: 50af5cb6-6899-0537-8703-830f6b22adbe
x-amzn-trace-id: Root=1-66460199-02eabe9a780d7d6b48e08ac0
content-encoding: gzip
location: https://iompar.com/sareo/
referrer-policy: same-origin
server: istio-envoy
vary: Accept-Encoding
x-envoy-upstream-service-time: 109
x-ua-compatible: IE=edge,chrome=1
x-envoy-decorator-operation: http-interposer-desired-service.mailchimp-cloud-httpinterposer-use2-prd-m2.svc.cluster.local:8090/*
strict-transport-security: max-age=31536000
intuit_tid: 1-66460199-02eabe9a780d7d6b48e08ac0
x-request-id: 1-66460199-02eabe9a780d7d6b48e08ac0
date: Thu, 16 May 2024 12:52:42 GMT
set-cookie: _mcid=1.d980d218d3747ab3a6b24cef67095135.8fba77bd43c0e7fc2f39cf719046da4e878a1f399ee8ab580b166ad937700dd5; expires=Fri, 16-May-2025 12:52:41 GMT; Max-Age=31536000; path=/
set-cookie: _mc_anon_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
server-timing: cdn-cache; desc=MISS
server-timing: edge; dur=237
server-timing: origin; dur=120
set-cookie: _abck=254F3F759E2464B0C5867122200EACE0~-1~YAAQvVozuPgTKFKPAQAA70F2gQuRXm7zICFuGbmPqyrY2ugJI3obpmaQGYRn0LZ6Zv4rsCcO5B4elzscmF6fCsAdUx14riXWWGWmNdQ8qx9pVwhbQc3bsyW05y2+XOUS6/1nIyJ8nu+73J35NwFQqBmCcQC1GkuE/lVsJGo0ggjjYWmOIgokn4HY3yu8ZhZ4V21mPsoHhEZFiHVIkKNSgPr2DbuzM87NQltNWUYVbeY9gKvHAwz09XLE27s8POc3U6SjPiCxmEEm7jpvCq3C1f/607p1DpPn6DlU0bUHLLn1cIDw037IkIPbDPq/xg00vgEdsu2zEaDNYSGn7xiPCvGtQsLS07BdK838TMSpjbnx8wvPWs6eBhmrysNaEDS+uf0=~-1~-1~-1; Domain=.list-manage.com; Path=/; Expires=Fri, 16 May 2025 12:52:42 GMT; Max-Age=31536000; SameSite=None; Secure
set-cookie: ak_bmsc=CC48A73B049830A4F1F6AA830FFCAB78~000000000000000000000000000000~YAAQvVozuPkTKFKPAQAA70F2gRc2f6Hgjyq8GlYjl+SykvPYELQNIPjyEpSKpduqWux+Lw5vK0zoPRfol2aHT19ejCCL21NgWQzdKn2heOUgXjbL8eAYnD11lo4dw/I4VCB6RI73MdOX80/r7LUxPkWOIqTS6enAkfTeIvnh9rqJ68VpRc3xIaGzHDCNtuMkY+4fZfM/Vpiu565k+OoaJYPbJeecxFMJeDpOxpOc1LF4vsSd+EqO8oX4BuQRldYtMIKGWdNLEgyfkKiWoIvZrt80b+KwxEs4NH2MYoiYNolFpM3r8Wd6nTSdEUXT14MweKGxhVGeSkEIda66P6w51Xu4t7sF6e2ajNy9yQbKtEaUEYqXohO+BsRZX6LKIvcUfjzkmzDtYpprAnhHa+XkX/1LWQ7P; Domain=.us22.list-manage.com; Path=/; Expires=Thu, 16 May 2024 14:52:41 GMT; Max-Age=7199; SameSite=None; Secure
set-cookie: bm_sz=15A1AE75B998A9045F46C8EA3BBBCDEB~YAAQvVozuPoTKFKPAQAA70F2gReALaTDnAtOq/6Yk6xZrehHAd0SZZhGesbtNzqQV1xEmoaOOq/tiXedRaeLozaj/KD4W7Hjm5ez8kIWgVuJ/iNO2HqTPmoR/8eSZXJhAW041P46BZgI9hhQcte8ALWhQDQiie14OikMflcgjxwhsHub7phCKCi7Dy/XKih+9oZI29ELeh7RPX/YmsKcP0wG8ABeY4NJRM6+d0loUuwS/cFj99AlLTceqhdvQESyU+xw+FwgckNCk7iSfFjVVhBVw5cwkQWJpdc7RVEEkXoHPQe9fQx+p6eKExnk9CC95zIxXzI/s3m5O733PNNmHCjFhC2RgAtUyIbkCVJUrpFGVT89Zpnq99jhh/nUMDLORq7AJvg54C/HxXnHKVUXbWu99A==~4273975~4338757; Domain=.list-manage.com; Path=/; Expires=Thu, 16 May 2024 16:52:41 GMT; Max-Age=14399; SameSite=None; Secure
server-timing: ak_p; desc="1715863961571_3090373309_516758588_35706_9916_49_150_255";dur=1
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

19.11.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.11.221.88.in-addr.arpa

IN PTR

Response

19.11.221.88.in-addr.arpa

IN PTR

a88-221-11-19deploystaticakamaitechnologiescom
DNS

81.242.123.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.242.123.52.in-addr.arpa

IN PTR

Response
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

iompar.com

msedge.exe

Remote address:

8.8.8.8:53

Request

iompar.com

IN A

Response

iompar.com

IN A

207.55.255.20
GET

https://iompar.com/sareo/

msedge.exe

Remote address:

207.55.255.20:443

Request

GET /sareo/ HTTP/1.1
Host: iompar.com
Connection: keep-alive
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:41 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
DNS

microsoft-docsonlinestoragesoffice365.pharmalleve.com

msedge.exe

Remote address:

8.8.8.8:53

Request

microsoft-docsonlinestoragesoffice365.pharmalleve.com

IN A

Response

microsoft-docsonlinestoragesoffice365.pharmalleve.com

IN A

172.67.146.208

microsoft-docsonlinestoragesoffice365.pharmalleve.com

IN A

104.21.10.223
GET

https://microsoft-docsonlinestoragesoffice365.pharmalleve.com/?nvuskbfl&qrc=yvette@marioncountyclerk.org

msedge.exe

Remote address:

172.67.146.208:443

Request

GET /?nvuskbfl&qrc=yvette@marioncountyclerk.org HTTP/2.0
host: microsoft-docsonlinestoragesoffice365.pharmalleve.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://iompar.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Thu, 16 May 2024 12:52:43 GMT
location: https://rockwayexhbits.com?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3JvY2t3YXlleGhiaXRzLmNvbSIsImRvbWFpbiI6InJvY2t3YXlleGhiaXRzLmNvbSIsImtleSI6IjlvcU90b2pVRHR6diIsInFyYyI6Inl2ZXR0ZUBtYXJpb25jb3VudHljbGVyay5vcmciLCJpYXQiOjE3MTU4NjM5NjMsImV4cCI6MTcxNTg2NDA4M30.tVkpwJeFMCXPoPEbmW5Wl2C5aM5RbPwR-UzyH4FCJ6Q
set-cookie: qPdM=9oqOtojUDtzv; path=/; samesite=none; secure; httponly
set-cookie: qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; path=/; samesite=none; secure; httponly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RvbX5gkIHZGyAT2shoe4PJWVUdQ4esE9aSBIMGJ4u3ZTJ%2F%2BPBEpB2vix3jeuIzMurtBGpig6Qz9AhlPaFck%2Bvl20CBH7EAQmRJktMQFE63C7KHeMcZwPnIB9bNlFA%2BxLpID0zOEERGiqLw50NwK4syRxK6zmpPesWvPQQX0mM%2FZfAUXToENdew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 884b81a83a8c55ea-LHR
alt-svc: h3=":443"; ma=86400
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

2.18.190.80

a1952.dscq.akamai.net

IN A

2.18.190.81
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

2.18.190.80:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 16 May 2024 13:52:42 GMT
Date: Thu, 16 May 2024 12:52:42 GMT
Connection: keep-alive
DNS

20.255.55.207.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.255.55.207.in-addr.arpa

IN PTR

Response

20.255.55.207.in-addr.arpa

IN PTR

cpanel02hostie
DNS

208.146.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.146.67.172.in-addr.arpa

IN PTR

Response
DNS

80.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.190.18.2.in-addr.arpa

IN PTR

Response

80.190.18.2.in-addr.arpa

IN PTR

a2-18-190-80deploystaticakamaitechnologiescom
DNS

rockwayexhbits.com

msedge.exe

Remote address:

8.8.8.8:53

Request

rockwayexhbits.com

IN A

Response

rockwayexhbits.com

IN A

217.15.168.41
GET

https://rockwayexhbits.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3JvY2t3YXlleGhiaXRzLmNvbSIsImRvbWFpbiI6InJvY2t3YXlleGhiaXRzLmNvbSIsImtleSI6IjlvcU90b2pVRHR6diIsInFyYyI6Inl2ZXR0ZUBtYXJpb25jb3VudHljbGVyay5vcmciLCJpYXQiOjE3MTU4NjM5NjMsImV4cCI6MTcxNTg2NDA4M30.tVkpwJeFMCXPoPEbmW5Wl2C5aM5RbPwR-UzyH4FCJ6Q

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3JvY2t3YXlleGhiaXRzLmNvbSIsImRvbWFpbiI6InJvY2t3YXlleGhiaXRzLmNvbSIsImtleSI6IjlvcU90b2pVRHR6diIsInFyYyI6Inl2ZXR0ZUBtYXJpb25jb3VudHljbGVyay5vcmciLCJpYXQiOjE3MTU4NjM5NjMsImV4cCI6MTcxNTg2NDA4M30.tVkpwJeFMCXPoPEbmW5Wl2C5aM5RbPwR-UzyH4FCJ6Q HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Referer: https://iompar.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Set-Cookie: qPdM=9oqOtojUDtzv; path=/; samesite=none; secure; httponly
Set-Cookie: qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; path=/; samesite=none; secure; httponly
location: /?qrc=yvette%40marioncountyclerk.org
Date: Thu, 16 May 2024 12:52:44 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked
GET

https://rockwayexhbits.com/?qrc=yvette%40marioncountyclerk.org

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /?qrc=yvette%40marioncountyclerk.org HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Referer: https://iompar.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ

Response

HTTP/1.1 302 Moved Temporarily

Cache-Control: no-cache
Pragma: no-cache
Location: https://rockwayexhbits.com/owa/?login_hint=yvette%40marioncountyclerk.org
Server: Microsoft-IIS/10.0
request-id: 6611b609-d07f-dbda-30de-a6849e8bc949
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-FEServer: MN2PR04CA0028, MN2PR04CA0028
X-RequestId: 769b2a40-cc3b-4737-ac2e-ff0ff23860c0
X-FEProxyInfo: MN2PR04CA0028.NAMPRD04.PROD.OUTLOOK.COM
X-FEEFZInfo: MNZ
MS-CV: CbYRZn/Q2tsw3qaEnovJSQ.0
X-Powered-By: ASP.NET
Date: Thu, 16 May 2024 12:52:44 GMT
Connection: close
Content-Length: 0
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
DNS

41.168.15.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.168.15.217.in-addr.arpa

IN PTR

Response

41.168.15.217.in-addr.arpa

IN PTR

srv511844hstgrcloud
DNS

11.97.55.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.97.55.23.in-addr.arpa

IN PTR

Response

11.97.55.23.in-addr.arpa

IN PTR

a23-55-97-11deploystaticakamaitechnologiescom
GET

https://rockwayexhbits.com/owa/?login_hint=yvette%40marioncountyclerk.org

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /owa/?login_hint=yvette%40marioncountyclerk.org HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Referer: https://iompar.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ

Response

HTTP/1.1 302 Found

content-length: 1386
Content-Type: text/html; charset=utf-8
Location: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Server: Microsoft-IIS/10.0
request-id: 52c18120-f545-e7cb-0a4c-c16b27d61af0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
X-CalculatedBETarget: MN2PR04MB6800.namprd04.PROD.OUTLOOK.COM
X-BackEndHttpStatus: 302
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ClientId=DE9C8A6C65B141B8803FE95229264EDD; expires=Fri, 16-May-2025 12:52:44 GMT; path=/;SameSite=None; secure
Set-Cookie: ClientId=DE9C8A6C65B141B8803FE95229264EDD; expires=Fri, 16-May-2025 12:52:44 GMT; path=/;SameSite=None; secure
Set-Cookie: OIDC=1; expires=Sat, 16-Nov-2024 12:52:44 GMT; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: RoutingKeyCookie=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.token.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.token.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.id_token.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.code.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.id_token.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.code.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.tokenPostPath=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; expires=Thu, 16-May-2024 13:52:44 GMT; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: HostSwitchPrg=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OptInPrg=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: SuiteServiceProxyKey=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: ClientId=DE9C8A6C65B141B8803FE95229264EDD; expires=Fri, 16-May-2025 12:52:44 GMT; path=/;SameSite=None; secure
Set-Cookie: OIDC=1; expires=Sat, 16-Nov-2024 12:52:44 GMT; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: RoutingKeyCookie=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.token.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.token.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.id_token.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.code.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.id_token.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.code.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.tokenPostPath=; domain=rockwayexhbits.com; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; expires=Thu, 16-May-2024 13:52:44 GMT; path=/;SameSite=None; secure; HttpOnly
Set-Cookie: HostSwitchPrg=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: OptInPrg=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: SuiteServiceProxyKey=; expires=Mon, 16-May-1994 12:52:44 GMT; path=/; secure
Set-Cookie: X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; expires=Thu, 16-May-2024 18:54:44 GMT; path=/;SameSite=None; secure; HttpOnly
X-RUM-Validated: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-BeSku: WCS6
X-OWA-DiagnosticsInfo: 1;0;0
X-IIDs: 0
X-BackEnd-Begin: 2024-05-16T12:52:44.645
X-BackEnd-End: 2024-05-16T12:52:44.645
X-DiagInfo: MN2PR04MB6800
X-BEServer: MN2PR04MB6800
X-UA-Compatible: IE=EmulateIE7
X-Proxy-RoutingCorrectness: 1
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
X-Proxy-BackendServerStatus: 302
X-FirstHopCafeEFZ: MNZ
X-FEProxyInfo: MN2PR04CA0021.NAMPRD04.PROD.OUTLOOK.COM
X-FEEFZInfo: MNZ
X-FEServer: MN2PR04CA0021
Date: Thu, 16 May 2024 12:52:44 GMT
Connection: close
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET

https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Referer: https://iompar.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag

Response

HTTP/1.1 200 OK

Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 249e8c96-a607-48a7-8849-273bd6a7c500
x-ms-ests-server: 2.1.18077.3 - EUS ProdSlices
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; expires=Sat, 15-Jun-2024 12:52:45 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; domain=rockwayexhbits.com; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; domain=rockwayexhbits.com; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; expires=Sat, 15-Jun-2024 12:52:45 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Thu, 16 May 2024 12:52:44 GMT
Connection: close
content-length: 41624
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

88.221.83.209:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Thu, 16 May 2024 12:52:44 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.cd53dd58.1715863964.4240fd4
DNS

209.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.83.221.88.in-addr.arpa

IN PTR

Response

209.83.221.88.in-addr.arpa

IN PTR

a88-221-83-209deploystaticakamaitechnologiescom
DNS

aadcdn.msauth.net

msedge.exe

Remote address:

8.8.8.8:53

Request

aadcdn.msauth.net

IN A

Response

aadcdn.msauth.net

IN CNAME

aadcdnoriginwus2.azureedge.net

aadcdnoriginwus2.azureedge.net

IN CNAME

aadcdnoriginwus2.afd.azureedge.net

aadcdnoriginwus2.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

aadcdn.msftauth.net

msedge.exe

Remote address:

8.8.8.8:53

Request

aadcdn.msftauth.net

IN A

Response

aadcdn.msftauth.net

IN CNAME

cs1100.wpc.omegacdn.net

cs1100.wpc.omegacdn.net

IN A

152.199.23.37
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:47 GMT
Content-Type: text/css
Content-Length: 20314
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Wed, 27 Dec 2023 18:18:12 GMT
ETag: 0x8DC07082FBB8D2B
x-ms-request-id: 2d4b8a09-901e-0077-749e-a5c690000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125247Z-175658c948fv9f5d8k84pdryrw00000001v000000000e2ke
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
Accept-Ranges: bytes
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd

Response

HTTP/1.1 200 OK

Content-Length: 689017
Content-Type: application/x-javascript
Date: Thu, 16 May 2024 12:52:45 GMT
Connection: keep-alive
Keep-Alive: timeout=5
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:47 GMT
Content-Type: application/x-javascript
content-length: 190151
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 27 Oct 2022 14:24:13 GMT
ETag: 0x8DAB826EBE74413
x-ms-request-id: 6641814b-101e-003b-3fbb-a6e198000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125247Z-175658c948ffnf8nn98sc99hxg00000001q0000000001f12
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:46 GMT
Content-Type: application/x-javascript
content-length: 55363
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Wed, 24 Apr 2024 05:49:08 GMT
ETag: 0x8DC64224217DD14
x-ms-request-id: 06ed99be-e01e-0044-0efa-a59a87000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125246Z-185d4d87c7d94fgj9kfs6v6hw800000002yg00000000gxwe
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
Accept-Ranges: bytes
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:47 GMT
Content-Type: application/x-javascript
content-length: 109863
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 26 Jan 2023 00:32:54 GMT
ETag: 0x8DAFF34DD9DC630
x-ms-request-id: a36cd712-701e-0069-6a64-a7d4af000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125247Z-185d4d87c7ds8dzsnaybprgzqc00000002x000000000dn45
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
DNS

outlook.office365.com

msedge.exe

Remote address:

8.8.8.8:53

Request

outlook.office365.com

IN A

Response

outlook.office365.com

IN CNAME

ooc-g2.tm-4.office.com

ooc-g2.tm-4.office.com

IN CNAME

outlook.ms-acdc.office.com

outlook.ms-acdc.office.com

IN CNAME

LHR-efz.ms-acdc.office.com

LHR-efz.ms-acdc.office.com

IN A

52.97.211.146

LHR-efz.ms-acdc.office.com

IN A

52.97.219.242

LHR-efz.ms-acdc.office.com

IN A

52.97.211.82

LHR-efz.ms-acdc.office.com

IN A

52.98.145.114
GET

https://outlook.office365.com/owa/prefetch.aspx

msedge.exe

Remote address:

52.97.211.146:443

Request

GET /owa/prefetch.aspx HTTP/2.0
host: outlook.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rockwayexhbits.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: private, no-store
content-length: 2745
content-type: text/html; charset=utf-8
server: Microsoft-IIS/10.0
request-id: b71a345c-979b-b5c8-84c2-ff999e8a3dad
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
x-calculatedfetarget: CWLP123CU007.internal.outlook.com
x-backendhttpstatus: 200
set-cookie: ClientId=8C7FB6FBA4C94677A17C656077B03D0C; expires=Fri, 16-May-2025 12:52:47 GMT; path=/;SameSite=None; secure
set-cookie: ClientId=8C7FB6FBA4C94677A17C656077B03D0C; expires=Fri, 16-May-2025 12:52:47 GMT; path=/;SameSite=None; secure
set-cookie: OIDC=1; expires=Sat, 16-Nov-2024 12:52:47 GMT; path=/;SameSite=None; secure; HttpOnly
set-cookie: OWAPF=v:15.20.7587.28&l:mouse; path=/; secure; HttpOnly
x-calculatedbetarget: CWLP123MB6496.GBRP123.PROD.OUTLOOK.COM
x-backendhttpstatus: 200
x-rum-validated: 1
x-rum-notupdatequeriedpath: 1
x-rum-notupdatequerieddbcopy: 1
x-content-type-options: nosniff
x-besku: WCS7
x-owa-version: 15.20.7587.28
x-owa-diagnosticsinfo: 2;0;0
x-iids: 0
x-backend-begin: 2024-05-16T12:52:47.575
x-backend-end: 2024-05-16T12:52:47.575
x-diaginfo: CWLP123MB6496
x-beserver: CWLP123MB6496
x-ua-compatible: IE=EmulateIE7
x-proxy-routingcorrectness: 1
x-proxy-backendserverstatus: 200
x-feproxyinfo: LO4P123CA0407.GBRP123.PROD.OUTLOOK.COM
x-feefzinfo: LHR
x-feserver: CWLP123CA0165
report-to: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=LHR&RemoteIP=191.101.209.0&Environment="}],"include_subdomains":true}
nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
x-firsthopcafeefz: LHR
x-feserver: LO4P123CA0407
date: Thu, 16 May 2024 12:52:47 GMT
DNS

r4.res.office365.com

msedge.exe

Remote address:

8.8.8.8:53

Request

r4.res.office365.com

IN A

Response

r4.res.office365.com

IN CNAME

r4.res.office365.com.edgekey.net

r4.res.office365.com.edgekey.net

IN CNAME

e40491.dscg.akamaiedge.net

e40491.dscg.akamaiedge.net

IN A

184.31.15.242

e40491.dscg.akamaiedge.net

IN A

184.31.15.227
GET

https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.0.mouse.js

msedge.exe

Remote address:

184.31.15.242:443

Request

GET /owa/prem/15.20.7587.28/scripts/boot.worldwide.0.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://outlook.office365.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 14 May 2024 23:43:24 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Thu, 16 May 2024 12:52:47 GMT
content-length: 179692
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.1.mouse.js

msedge.exe

Remote address:

184.31.15.242:443

Request

GET /owa/prem/15.20.7587.28/scripts/boot.worldwide.1.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://outlook.office365.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 14 May 2024 23:43:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Thu, 16 May 2024 12:52:48 GMT
content-length: 163064
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.2.mouse.js

msedge.exe

Remote address:

184.31.15.242:443

Request

GET /owa/prem/15.20.7587.28/scripts/boot.worldwide.2.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://outlook.office365.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 14 May 2024 23:43:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Thu, 16 May 2024 12:52:48 GMT
content-length: 169666
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.3.mouse.js

msedge.exe

Remote address:

184.31.15.242:443

Request

GET /owa/prem/15.20.7587.28/scripts/boot.worldwide.3.mouse.js HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://outlook.office365.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: application/x-javascript
last-modified: Tue, 14 May 2024 23:43:09 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Thu, 16 May 2024 12:52:48 GMT
content-length: 145599
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.7587.28/resources/images/0/sprite1.mouse.png

msedge.exe

Remote address:

184.31.15.242:443

Request

GET /owa/prem/15.20.7587.28/resources/images/0/sprite1.mouse.png HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://outlook.office365.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-length: 132
content-type: image/png
last-modified: Tue, 14 May 2024 23:58:19 GMT
server: AkamaiNetStorage
cache-control: public,max-age=630720000, s-maxage=630720000
date: Thu, 16 May 2024 12:52:48 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.7587.28/resources/images/0/sprite1.mouse.css

msedge.exe

Remote address:

184.31.15.242:443

Request

GET /owa/prem/15.20.7587.28/resources/images/0/sprite1.mouse.css HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://outlook.office365.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/css
last-modified: Tue, 14 May 2024 23:58:21 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Thu, 16 May 2024 12:52:48 GMT
content-length: 288
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://r4.res.office365.com/owa/prem/15.20.7587.28/resources/styles/0/boot.worldwide.mouse.css

msedge.exe

Remote address:

184.31.15.242:443

Request

GET /owa/prem/15.20.7587.28/resources/styles/0/boot.worldwide.mouse.css HTTP/2.0
host: r4.res.office365.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://outlook.office365.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/css
last-modified: Tue, 14 May 2024 23:59:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: public,max-age=630720000, s-maxage=630720000
date: Thu, 16 May 2024 12:52:48 GMT
content-length: 44144
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: image/gif
Content-Length: 3620
Connection: close
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 17 Jan 2020 19:28:38 GMT
ETag: 0x8D79B8373B17F89
x-ms-request-id: f973f6fc-501e-0013-0f40-a728ba000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-175658c948fg5f74u77ytpzrr0000000012000000000aa48
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
Accept-Ranges: bytes
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: image/x-icon
Content-Length: 17174
Connection: close
Cache-Control: public, max-age=31536000
Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT
ETag: 0x8D8731230C851A6
x-ms-request-id: 9e38956b-a01e-0028-178a-a52cbc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-175658c948fxnk6mqykq4ue1kw00000001sg00000000ef22
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
Accept-Ranges: bytes
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: application/x-javascript
content-length: 15748
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 26 Jan 2023 00:32:55 GMT
ETag: 0x8DAFF34DE08B462
x-ms-request-id: 2e4c86ab-e01e-003c-3119-a63096000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-185d4d87c7d4b97z0pnf6ya1dc000000047g000000004hf9
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: image/gif
Content-Length: 2672
Connection: close
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 17 Jan 2020 19:28:37 GMT
ETag: 0x8D79B83739984DD
x-ms-request-id: 3346d288-801e-0006-63dc-a61f92000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-185d4d87c7d2lkb7gpznvqzg9000000000zg00000000261q
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
Accept-Ranges: bytes
DNS

146.211.97.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.211.97.52.in-addr.arpa

IN PTR

Response
DNS

242.15.31.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

242.15.31.184.in-addr.arpa

IN PTR

Response

242.15.31.184.in-addr.arpa

IN PTR

a184-31-15-242deploystaticakamaitechnologiescom
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: image/jpeg
Content-Length: 987
Connection: close
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 27 Mar 2020 19:41:47 GMT
ETag: 0x8D7D286E322A911
x-ms-request-id: bb2e0569-e01e-0010-0920-a755bc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-185d4d87c7djvsd2ys7etehpt8000000020g000000003nk5
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: image/svg+xml
Content-Length: 1435
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 17 Jan 2020 19:28:38 GMT
ETag: 0x8D79B8373CB2849
x-ms-request-id: a9f3cda3-801e-006e-203b-a705a1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-185d4d87c7dx8rwvbexp3257t4000000015g00000000dvma
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
Accept-Ranges: bytes
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: image/jpeg
Content-Length: 17453
Connection: close
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 27 Mar 2020 19:41:47 GMT
ETag: 0x8D7D286E30A1202
x-ms-request-id: 671fab93-801e-0006-2088-a61f92000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-175658c948fxqznvcbktmsavf800000001mg00000000f3ae
x-fd-int-roxy-purgeid: 4554691
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:48 GMT
Content-Type: image/png
Content-Length: 5139
Connection: close
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 12 Feb 2020 03:12:12 GMT
ETag: 0x8D7AF695A8C44DC
x-ms-request-id: d19dda61-901e-001f-417b-a7dca3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125248Z-175658c948f79sb4stbc3q09gg00000000k000000000erc8
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
DNS

autologon.microsoftazuread-sso.com

msedge.exe

Remote address:

8.8.8.8:53

Request

autologon.microsoftazuread-sso.com

IN A

Response

autologon.microsoftazuread-sso.com

IN A

40.126.31.73

autologon.microsoftazuread-sso.com

IN A

20.190.159.0

autologon.microsoftazuread-sso.com

IN A

20.190.159.68

autologon.microsoftazuread-sso.com

IN A

20.190.159.75

autologon.microsoftazuread-sso.com

IN A

20.190.159.73

autologon.microsoftazuread-sso.com

IN A

40.126.31.69

autologon.microsoftazuread-sso.com

IN A

20.190.159.71

autologon.microsoftazuread-sso.com

IN A

20.190.159.23
DNS

www.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.19.217.218
DNS

privacy.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

privacy.microsoft.com

IN A

Response

privacy.microsoft.com

IN CNAME

privacy.microsoft.com.edgekey.net

privacy.microsoft.com.edgekey.net

IN CNAME

e13678.dspb.akamaiedge.net

e13678.dspb.akamaiedge.net

IN A

2.19.217.218
GET

https://autologon.microsoftazuread-sso.com/marioncountyclerk.org/winauth/ssoprobe?client-request-id=52c18120-f545-e7cb-0a4c-c16b27d61af0&_=1715863967987

msedge.exe

Remote address:

40.126.31.73:443

Request

GET /marioncountyclerk.org/winauth/ssoprobe?client-request-id=52c18120-f545-e7cb-0a4c-c16b27d61af0&_=1715863967987 HTTP/1.1
Host: autologon.microsoftazuread-sso.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 401 Unauthorized

Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: image/png; charset=utf-8
Expires: -1
Vary: Origin
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: https://login.microsoftonline.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 6e1c88a9-8841-4c40-9589-bea50a292200
x-ms-ests-server: 2.1.18077.3 - SEC ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
WWW-Authenticate: Negotiate
Set-Cookie: fpc=AsjHh7_z9JNHh7Iz2zpGuXw; expires=Sat, 15-Jun-2024 12:52:48 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Thu, 16 May 2024 12:52:48 GMT
Content-Length: 12
POST

https://rockwayexhbits.com/common/instrumentation/dssostatus

msedge.exe

Remote address:

217.15.168.41:443

Request

POST /common/instrumentation/dssostatus HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
Content-Length: 67
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
hpgrequestid: 249e8c96-a607-48a7-8849-273bd6a7c500
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
client-request-id: 52c18120-f545-e7cb-0a4c-c16b27d61af0
canary: PAQABDgEAAADnfolhJpSnRYB1SVj-Hgd87Cqq9fLGRTgVkiUhCzKRYj9MmNQxTAJLtZc5Fbn8zU-FyyFCgdseqbecJmSRFQe1h3tUvTGoZAta2cANPf5wNzei6LhoVvsFnfZkGKNDKQVKaS7bDURf7nMlWnGPAuNL6LhnVn1kAW_166EBVxeTgK_UhmLMchzMibjgIM99hbNxVsuGTJP01CFBMkllBcdT0cLwM2R2Ka-3xn1kjseSIyAA
Content-type: application/json; charset=UTF-8
hpgid: 1104
Accept: application/json
hpgact: 1800
Origin: https://rockwayexhbits.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 52c18120-f545-e7cb-0a4c-c16b27d61af0
x-ms-request-id: 97e1bb93-081d-435a-8623-06d468e3d000
x-ms-ests-server: 2.1.18077.3 - EUS ProdSlices
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; expires=Sat, 15-Jun-2024 12:52:49 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Thu, 16 May 2024 12:52:48 GMT
Connection: close
content-length: 265
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_8442c9722efe126153de.js

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_8442c9722efe126153de.js HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:49 GMT
Content-Type: application/x-javascript
content-length: 7044
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 26 Jan 2023 00:32:55 GMT
ETag: 0x8DAFF34DE1CD706
x-ms-request-id: 8042f543-301e-006d-5439-a678a7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125249Z-185d4d87c7d57dgvux1672v04n0000000f7g00000000fbf3
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:49 GMT
Content-Type: image/svg+xml
Content-Length: 254
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 17 Jan 2020 19:28:39 GMT
ETag: 0x8D79B8374511AB4
x-ms-request-id: 330290bb-401e-0062-3e6a-a7f1b8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125249Z-175658c948flvb4hvx29uezybw000000015000000000d0u9
x-fd-int-roxy-purgeid: 0
X-Cache-Info: L1_T2
X-Cache: TCP_HIT
Accept-Ranges: bytes
GET

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg

msedge.exe

Remote address:

217.15.168.41:443

Request

GET /aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg HTTP/1.1
Host: rockwayexhbits.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: qPdM=9oqOtojUDtzv; qPdM.sig=vhb40A_kfq-PaYQ2DKn_1-O2jHQ; ClientId=DE9C8A6C65B141B8803FE95229264EDD; OIDC=1; OpenIdConnect.nonce.v3.mM-ycQBagbLjl2zNl5Qf2yu7Jrx8S06LhdzpRgjpxxs=638514607646457023.12536151-7c11-4067-a12c-009e79598578; X-OWA-RedirectHistory=ArLym14BvzyqFKd13Ag; buid=0.AXcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8YReEWXzbVJcBTLChsMtvojpIiwQdslPPoPkdYoTlZC8HfyrKmDv5Q9VyxRRK0w4tHFtjQrgWTw9a6G0FC5hFq-VppbFXIw46LqwhHjQ0he4gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hVjKiufTGxWWnSE66-I1oHtstKJQdkH0naGavbAJ3hRchNkPG46wyuWyO1O81VkL9iqL_283uh--ec5ggLjUd7NWq7WSdCJaQ6ZhReLLBtzlatsWwZlIHLr74AoOLIgIJ-Czx0FLunuiPrt6IaRjd9L4EQl2dg_-TX1jST0RHT8gAA; esctx-L4UBq42G9mA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd804fMa2x523H867UMq1_USAvckZfgHyDTufYhaHP6QpYfKEgIXWRgX0n2MpJkvu1mq3eX931N8srg0Zsexf41Ym1FWJbKlGKaegzJcU3qxLBm72chh77IZ_hDfKr3zQC81OrVUQIkygVJH-L8DJN-iyAA; fpc=AilryA-kgR9PnCJCh_LG20yerOTJAQAAAJ34190OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0

Response

HTTP/1.1 200 OK

Date: Thu, 16 May 2024 12:52:49 GMT
Content-Type: image/svg+xml
Content-Length: 628
Connection: close
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Sat, 31 Oct 2020 02:21:09 GMT
ETag: 0x8D87D43A145A2CC
x-ms-request-id: b1851fad-a01e-006c-743e-a753a5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
x-azure-ref: 20240516T125249Z-175658c948f4rfgv243udx98kg00000002xg00000000c3a9
x-fd-int-roxy-purgeid: 4554691
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes
DNS

browser.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

browser.events.data.microsoft.com

IN A

Response

browser.events.data.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdwus11.westus.cloudapp.azure.com

onedscolprdwus11.westus.cloudapp.azure.com

IN A

20.189.173.12
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

20.189.173.12:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://rockwayexhbits.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://rockwayexhbits.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://rockwayexhbits.com
date: Thu, 16 May 2024 12:52:50 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

20.189.173.12:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1383
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1715863970391
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.6
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: 69adc3c768bd4dc08c19416121249fcc-66f1668a-797b-4249-95e3-6c6651768c28-7293
client-id: NO_AUTH
accept: */*
origin: https://rockwayexhbits.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://rockwayexhbits.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=959a0003a9e6491fa677c35d8316c147&HASH=959a&LV=202405&V=4&LU=1715863971756; Domain=.microsoft.com; Expires=Fri, 16 May 2025 12:52:51 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=5e60feb80f444ca7b32b6adaa9c4d39c; Domain=.microsoft.com; Expires=Thu, 16 May 2024 13:22:51 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1365
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://rockwayexhbits.com
access-control-expose-headers: time-delta-millis
date: Thu, 16 May 2024 12:52:50 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

20.189.173.12:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 560
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1715864028823
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.6
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 1365
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: 69adc3c768bd4dc08c19416121249fcc-66f1668a-797b-4249-95e3-6c6651768c28-7293
client-id: NO_AUTH
accept: */*
origin: https://rockwayexhbits.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://rockwayexhbits.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=47c7ded1e38f49329c804c2bd5c9de0a&HASH=47c7&LV=202405&V=4&LU=1715864029337; Domain=.microsoft.com; Expires=Fri, 16 May 2025 12:53:49 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=0a953d2e61094282b5ffbc7e882f7cb1; Domain=.microsoft.com; Expires=Thu, 16 May 2024 13:23:49 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 514
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://rockwayexhbits.com
access-control-expose-headers: time-delta-millis
date: Thu, 16 May 2024 12:53:48 GMT
DNS

12.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.173.189.20.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

identity.nel.measure.office.net

msedge.exe

Remote address:

8.8.8.8:53

Request

identity.nel.measure.office.net

IN A

Response

identity.nel.measure.office.net

IN CNAME

nel.measure.office.net.edgesuite.net

nel.measure.office.net.edgesuite.net

IN CNAME

a1894.dscb.akamai.net

a1894.dscb.akamai.net

IN A

2.18.190.82

a1894.dscb.akamai.net

IN A

2.18.190.81
OPTIONS

https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2

msedge.exe

Remote address:

2.18.190.82:443

Request

OPTIONS /api/report?catId=GW+estsfd+dub2 HTTP/2.0
host: identity.nel.measure.office.net
origin: https://autologon.microsoftazuread-sso.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
content-length: 7
date: Thu, 16 May 2024 12:53:45 GMT
access-control-allow-headers: content-type
access-control-allow-credentials: false
access-control-allow-methods: *
access-control-allow-methods: GET, OPTIONS, POST
access-control-allow-origin: *
POST

https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2

msedge.exe

Remote address:

2.18.190.82:443

Request

POST /api/report?catId=GW+estsfd+dub2 HTTP/2.0
host: identity.nel.measure.office.net
content-length: 563
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
request-context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765
date: Thu, 16 May 2024 12:54:03 GMT
content-length: 53
access-control-allow-credentials: false
access-control-allow-methods: *
access-control-allow-methods: GET, OPTIONS, POST
access-control-allow-origin: *
DNS

82.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.190.18.2.in-addr.arpa

IN PTR

Response

82.190.18.2.in-addr.arpa

IN PTR

a2-18-190-82deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E4B1318A63FD464388576200C8ADD596 Ref B: LON04EDGE1221 Ref C: 2024-05-16T12:54:17Z
date: Thu, 16 May 2024 12:54:17 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 86B76776AD3D4DEC9D4D97EAB975ECA5 Ref B: LON04EDGE1221 Ref C: 2024-05-16T12:54:17Z
date: Thu, 16 May 2024 12:54:17 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5FAFA45D8CF34D07BB0245DBD7293DD6 Ref B: LON04EDGE1221 Ref C: 2024-05-16T12:54:17Z
date: Thu, 16 May 2024 12:54:17 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E0C730046BDE4649B2DD3262930DA5BC Ref B: LON04EDGE1221 Ref C: 2024-05-16T12:54:17Z
date: Thu, 16 May 2024 12:54:17 GMT
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet

88.221.11.19:443

https://swiftconstruction.us22.list-manage.com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b///

tls, http2

msedge.exe

2.0kB
8.0kB
18
20

HTTP Request

GET https://swiftconstruction.us22.list-manage.com/track/click?u=b78cc5aeb8b5a137aae7a7d8c&id=2dd9cef568&e=7fb47aa29b///

HTTP Response

302
207.55.255.20:443

https://iompar.com/sareo/

tls, http

msedge.exe

1.9kB
7.4kB
14
17

HTTP Request

GET https://iompar.com/sareo/

HTTP Response

200
172.67.146.208:443

https://microsoft-docsonlinestoragesoffice365.pharmalleve.com/?nvuskbfl&qrc=yvette@marioncountyclerk.org

tls, http2

msedge.exe

1.9kB
5.8kB
15
13

HTTP Request

GET https://microsoft-docsonlinestoragesoffice365.pharmalleve.com/?nvuskbfl&qrc=yvette@marioncountyclerk.org

HTTP Response

302
172.67.146.208:443

microsoft-docsonlinestoragesoffice365.pharmalleve.com

tls

msedge.exe

943 B
4.1kB
8
6
2.18.190.80:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.6kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/?qrc=yvette%40marioncountyclerk.org

tls, http

msedge.exe

2.9kB
4.5kB
11
12

HTTP Request

GET https://rockwayexhbits.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3JvY2t3YXlleGhiaXRzLmNvbSIsImRvbWFpbiI6InJvY2t3YXlleGhiaXRzLmNvbSIsImtleSI6IjlvcU90b2pVRHR6diIsInFyYyI6Inl2ZXR0ZUBtYXJpb25jb3VudHljbGVyay5vcmciLCJpYXQiOjE3MTU4NjM5NjMsImV4cCI6MTcxNTg2NDA4M30.tVkpwJeFMCXPoPEbmW5Wl2C5aM5RbPwR-UzyH4FCJ6Q

HTTP Response

302

HTTP Request

GET https://rockwayexhbits.com/?qrc=yvette%40marioncountyclerk.org

HTTP Response

302
217.15.168.41:443

https://rockwayexhbits.com/owa/?login_hint=yvette%40marioncountyclerk.org

tls, http

msedge.exe

1.9kB
9.5kB
10
14

HTTP Request

GET https://rockwayexhbits.com/owa/?login_hint=yvette%40marioncountyclerk.org

HTTP Response

302
217.15.168.41:443

https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR

tls, http

msedge.exe

3.3kB
20.2kB
15
21

HTTP Request

GET https://rockwayexhbits.com/?hyf0ibmv3=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD15dmV0dGUlNDBtYXJpb25jb3VudHljbGVyay5vcmcmY2xpZW50LXJlcXVlc3QtaWQ9NTJjMTgxMjAtZjU0NS1lN2NiLTBhNGMtYzE2YjI3ZDYxYWYwJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODUxNDYwNzY0NjQ1NzAyMy4xMjUzNjE1MS03YzExLTQwNjctYTEyYy0wMDllNzk1OTg1Nzgmc3RhdGU9RGN0TkRzSWdFRUJoMExPNHBNendNd01MNDFFTUlhUTJWa2dJMWZUMnN2amU3a2toeEhXNlRCSm1CSk1OSGgwQmt5UG5HWXhkMEhoTDZGRnhSbFFPaUZWQ2t4VkFMQng5REo2RG5LX1c3WmYwWTJfclZwLXZyWTc3LVMxamxKdURULXBicTdrZGRaeDVMXzI5dEw3LUFR

HTTP Response

200
88.221.83.209:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.4kB
6.3kB
16
11

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
13.107.246.64:443

aadcdn.msauth.net

tls, http2

msedge.exe

1.7kB
6.0kB
13
16
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css

tls, http

msedge.exe

4.0kB
24.5kB
17
24

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js

tls, http

msedge.exe

19.1kB
777.8kB
291
566

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_9i90DmN8HbFiIvCSmsAz-Q2.js

HTTP Response

200

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js

tls, http

msedge.exe

4.2kB
20.6kB
20
21

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_vtf__v_j2jh3v2otg9k3lq2.js

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js

tls, http

msedge.exe

4.2kB
35.2kB
20
31

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js

HTTP Response

200
52.97.211.146:443

https://outlook.office365.com/owa/prefetch.aspx

tls, http2

msedge.exe

2.0kB
9.6kB
15
16

HTTP Request

GET https://outlook.office365.com/owa/prefetch.aspx

HTTP Response

200
184.31.15.242:443

https://r4.res.office365.com/owa/prem/15.20.7587.28/resources/styles/0/boot.worldwide.mouse.css

tls, http2

msedge.exe

15.3kB
735.3kB
296
552

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.0.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.1.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.2.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.7587.28/scripts/boot.worldwide.3.mouse.js

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.7587.28/resources/images/0/sprite1.mouse.png

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.7587.28/resources/images/0/sprite1.mouse.css

HTTP Response

200

HTTP Request

GET https://r4.res.office365.com/owa/prem/15.20.7587.28/resources/styles/0/boot.worldwide.mouse.css

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif

tls, http

msedge.exe

3.8kB
7.3kB
11
12

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

tls, http

msedge.exe

4.0kB
19.1kB
14
20

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js

tls, http

msedge.exe

3.8kB
10.0kB
12
14

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif

tls, http

msedge.exe

3.8kB
6.4kB
11
12

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg

tls, http

msedge.exe

3.8kB
2.4kB
9
9

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

tls, http

msedge.exe

3.7kB
5.1kB
10
11

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg

tls, http

msedge.exe

4.0kB
19.4kB
14
20

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png

tls, http

msedge.exe

3.8kB
8.9kB
12
13

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png

HTTP Response

200
40.126.31.73:443

https://autologon.microsoftazuread-sso.com/marioncountyclerk.org/winauth/ssoprobe?client-request-id=52c18120-f545-e7cb-0a4c-c16b27d61af0&_=1715863967987

tls, http

msedge.exe

2.3kB
5.9kB
11
11

HTTP Request

GET https://autologon.microsoftazuread-sso.com/marioncountyclerk.org/winauth/ssoprobe?client-request-id=52c18120-f545-e7cb-0a4c-c16b27d61af0&_=1715863967987

HTTP Response

401
217.15.168.41:443

https://rockwayexhbits.com/common/instrumentation/dssostatus

tls, http

msedge.exe

4.4kB
2.6kB
12
10

HTTP Request

POST https://rockwayexhbits.com/common/instrumentation/dssostatus

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_8442c9722efe126153de.js

tls, http

msedge.exe

3.7kB
4.6kB
9
10

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_8442c9722efe126153de.js

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg

tls, http

msedge.exe

3.7kB
3.9kB
10
9

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_msa_2d8f86059be176833897099ee6ddedeb.svg

HTTP Response

200
217.15.168.41:443

https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg

tls, http

msedge.exe

3.7kB
4.3kB
10
10

HTTP Request

GET https://rockwayexhbits.com/aadcdn.msauth.net/~/shared/1.0/content/images/picker_account_aad_f83ebff69a4a1685e4dc9650cdab8886.svg

HTTP Response

200
20.189.173.12:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

tls, http2

msedge.exe

5.3kB
9.0kB
23
19

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200
2.18.190.82:443

https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2

tls, http2

msedge.exe

2.6kB
6.0kB
18
22

HTTP Request

OPTIONS https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2

HTTP Response

200

HTTP Request

POST https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

95.2kB
2.8MB
2045
2040

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14

8.8.8.8:53

swiftconstruction.us22.list-manage.com

dns

msedge.exe

84 B
179 B
1
1

DNS Request

swiftconstruction.us22.list-manage.com

DNS Response

88.221.11.19
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

19.11.221.88.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

19.11.221.88.in-addr.arpa
8.8.8.8:53

81.242.123.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

81.242.123.52.in-addr.arpa
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

iompar.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

iompar.com

DNS Response

207.55.255.20
8.8.8.8:53

microsoft-docsonlinestoragesoffice365.pharmalleve.com

dns

msedge.exe

99 B
131 B
1
1

DNS Request

microsoft-docsonlinestoragesoffice365.pharmalleve.com

DNS Response

172.67.146.208

104.21.10.223
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

2.18.190.80

2.18.190.81
8.8.8.8:53

20.255.55.207.in-addr.arpa

dns

72 B
102 B
1
1

DNS Request

20.255.55.207.in-addr.arpa
8.8.8.8:53

208.146.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

208.146.67.172.in-addr.arpa
8.8.8.8:53

80.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

80.190.18.2.in-addr.arpa
8.8.8.8:53

rockwayexhbits.com

dns

msedge.exe

64 B
80 B
1
1

DNS Request

rockwayexhbits.com

DNS Response

217.15.168.41
8.8.8.8:53

41.168.15.217.in-addr.arpa

dns

72 B
107 B
1
1

DNS Request

41.168.15.217.in-addr.arpa
8.8.8.8:53

11.97.55.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

11.97.55.23.in-addr.arpa
217.15.168.41:443

rockwayexhbits.com

https

msedge.exe

1.4kB
1
8.8.8.8:53

209.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

209.83.221.88.in-addr.arpa
8.8.8.8:53

aadcdn.msauth.net

dns

msedge.exe

63 B
292 B
1
1

DNS Request

aadcdn.msauth.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

aadcdn.msftauth.net

dns

msedge.exe

65 B
115 B
1
1

DNS Request

aadcdn.msftauth.net

DNS Response

152.199.23.37
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

64.246.107.13.in-addr.arpa

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

outlook.office365.com

dns

msedge.exe

67 B
216 B
1
1

DNS Request

outlook.office365.com

DNS Response

52.97.211.146

52.97.219.242

52.97.211.82

52.98.145.114
8.8.8.8:53

r4.res.office365.com

dns

msedge.exe

66 B
181 B
1
1

DNS Request

r4.res.office365.com

DNS Response

184.31.15.242

184.31.15.227
8.8.8.8:53

146.211.97.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.211.97.52.in-addr.arpa
8.8.8.8:53

242.15.31.184.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

242.15.31.184.in-addr.arpa
224.0.0.251:5353

msedge.exe

604 B
9
8.8.8.8:53

autologon.microsoftazuread-sso.com

dns

msedge.exe

80 B
208 B
1
1

DNS Request

autologon.microsoftazuread-sso.com

DNS Response

40.126.31.73

20.190.159.0

20.190.159.68

20.190.159.75

20.190.159.73

40.126.31.69

20.190.159.71

20.190.159.23
8.8.8.8:53

www.microsoft.com

dns

msedge.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.19.217.218
8.8.8.8:53

privacy.microsoft.com

dns

msedge.exe

67 B
167 B
1
1

DNS Request

privacy.microsoft.com

DNS Response

2.19.217.218
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

browser.events.data.microsoft.com

dns

msedge.exe

79 B
200 B
1
1

DNS Request

browser.events.data.microsoft.com

DNS Response

20.189.173.12
8.8.8.8:53

12.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

12.173.189.20.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

identity.nel.measure.office.net

dns

msedge.exe

77 B
188 B
1
1

DNS Request

identity.nel.measure.office.net

DNS Response

2.18.190.82

2.18.190.81
8.8.8.8:53

82.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

82.190.18.2.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3284bf5ef95a0717be757e0b0295e010

SHA1
81b178072f5dc7295213cb0045af79b7f3f59c36

SHA256
ad2b89386a946f2a136f23b04d1d1f4344127f46ed9c72237b91bc42cf7c83c5

SHA512
07a9ac12e5b154d378b6a2a998ac050ef71203d312b4a2eea7e461aa6632a62055a996b0fb70358f5312b75dea35fb1eed804fb271b9faf896dda04a4d4e1076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1017B

MD5
7087c49c221cb40e4414af768954ea3c

SHA1
f204a53c9267e647cdceeef95b086997711e8dfe

SHA256
8d92cbfae07081c3f9ac2c7c5e368da6cf1dc231315b3705b6cfbcb846cb78e1

SHA512
782612a04ec2c22591b5e541ebf678c94193a6acb8433f124d86c17ec4776af55f4a6071d7dc7d78d638c8a0cbbe86b4bc8fdad9dd6675cb2db2964fc60548e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4557db7585a1d0519a6ecf4ebdb4dd3

SHA1
5b91f184d87604c0f8a783fce2dc504d6676e782

SHA256
a37a481f71e4d6a21a08d24af310316f2bc4089e8a26f5f696901b7d9336aef9

SHA512
46bcde5f9a01a0fb2907320f0c2a64be4b94bcc722968f0e5261050326082a12a0303ae1cb07b969b4178dc92d63a79073b6cdfa0470e79547e8d6e0c966795b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f43e27de5bc82ad40897afcf862fd68c

SHA1
f83aff03f0093cf71e97280d60fcb6a0db83668a

SHA256
81cbe621c5f715a0eb503a3194cae0ea3525b320e833fdfbc9a22c56d84faace

SHA512
07484f0cdd661d1fafa3cceafda2f5b9990e167fd64d08aa42e5996e6331a4e624ba7957d5dcd3354cc57f3a8744c097d135d6fe935b99aa2a4880cc413cac8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f13de586cdb81136da21360119b26975

SHA1
ddc97607db65f15645f23b7318b9c74d6d095cda

SHA256
e4d3afd9fe06495d7814d274b6acf2366f7fffe0b14e9ec1f22faf993a6af94c

SHA512
3f80d7df8dc2ab8f1db825e325edb98947f4d2ad12ae66fb918658a394aea4263b4341387614239114caacbc3f4f96c653d2b346093f0ca10dd070fa64432ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
842481c9ad7a888e44a1e5efcebedbaa

SHA1
6328f52af9fa3f24564fd76769b20b2834f917ba

SHA256
1d1e493de35b6dc14328a12340888e621c3a71c8777f3fa9dac6a59e4f8b023e

SHA512
e2b05bf4f2ad265d8da4f92499be3a9b2fec12eb05e0959eabc086e5c912afacde054345615f581f40d1af458e8bec1c1082cedd6ad47dd369bed77b0ef0a064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587a2c.TMP

Filesize
1KB

MD5
95fda69ee4564d4313c5abf5239ab1a3

SHA1
ae6eee18733aa0631f6c2c1ac8a0b9741251402d

SHA256
d2934575af4d558ed59ed53b321521e688067b84c1fe72be70f69ed37679e49a

SHA512
ee94ca0afa3b2abe0de1a2a8ccec4e0aee2a9a4673f573f1abea02f9fe4d86f96bcedfb679de03e62f4bfe9deb946195784ff2c557b50289f739f10933649eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb251347af0e1fa4596095644e461420

SHA1
f803d406c1f3f1999ff3d20fd14af56b73f564b6

SHA256
d90edd5fd9c17974f545117994cf0e6ef9d61ea17ac188acf08eadeae082c32a

SHA512
3fcd7fa3b0995c2617d25e7c43aeb3c8b1b8b303e15175ebc32233f950ad0b9f1d9c75d76576dd354b136aef502d9b3eebd876a483dee8b62782951dda4e7d94

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request