| login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/ | 52.12.210.59 | | 0 B |
URL: login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/ IP: 52.12.210.59:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
| OpenPhish | phishing | Outlook |
GET / HTTP/1.1
Host: login.live.com.office.o365auto.thiruqaarbpst1.devshn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 29 Mar 2024 05:46:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache
Expires: Fri, 29 Mar 2024 05:45:25 GMT
Location: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/login.srf?lc=1033
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
PPServer: PPV: 30 H: PH1PEPF00011D32 V: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: OParams=11O.DvEvwBxuAo6Oea5sgI4IB!Ycrx6mxPPeYE!jfUEX45VzY3oP5L!Mtw*xOFUqHQQrWuCCSjhvIn9w1J7w4aUT*005zYTNS5NiwAEp0wMnnGD23303NGYDUH2DGfvICZ5NpQ$$; Path=/; Domain=login.live.com.office.o365auto.thiruqaarbpst1.devshn.net; Secure; SameSite=None; HTTPOnly
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
x-ms-request-id: 55835a78-0b8d-4b76-b73e-0a974abfa5e6
x-ms-route-info: C510_BAY
X-Robots-Tag: none
X-SkyHigh-Version: BuildNumber=5, BuildDate=2024-03-19 11:47
X-XSS-Protection: 1; mode=block
|
| mitmdetection.services.mozilla.com/ | 54.230.111.77 | | 0 B |
URL: mitmdetection.services.mozilla.com/ IP: 54.230.111.77:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: mitmdetection.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: application/xml
date: Fri, 29 Mar 2024 05:46:25 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hzFS_E2yiaQEmdM4krEzHuCJ9FEXCXqeRVzm4cem4aFjgnlXZz51JQ==
X-Firefox-Spdy: h2
|
| login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/login.srf?lc=1033 | 54.212.166.38 | 200 OK | 10 kB |
URL: User Request GET HTTP/1.1 login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/login.srf?lc=1033 IP: 54.212.166.38:443
Certificate: Issuer: Skyhigh networks; Subject: office.o365auto.thiruqaarbpst1.devshn.net; Fingerprint: 3E:B5:F6:F2:ED:11:02:17:FF:20:E8:0D:E7:F2:FA:02:E5:DB:8D:7D; Validity: Wed, 17 Jan 2024 18:04:47 GMT - Fri, 16 Jan 2026 18:04:47 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (25256)
Hash: 1aa3a01c161dcad0f0bb8c8ed0226800 6c570c85e8a5adffaa3d0e2b41ed6e02acb7bf74 d5d4ffff069bf1a8830802e4bfed47fb95177f757382986495656958bcc97e19
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
| OpenPhish | phishing | Outlook |
GET /login.srf?lc=1033 HTTP/1.1
Host: login.live.com.office.o365auto.thiruqaarbpst1.devshn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 05:46:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 10481
Connection: keep-alive
Cache-Control: no-store, no-cache
Content-Encoding: gzip
Expires: Fri, 29 Mar 2024 05:45:27 GMT
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
PPServer: PPV: 30 H: BL02EPF0001DA00 V: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: uaid=c3fcc18f0d494d82ae214d7c58ccf3f8; Path=/; Domain=login.live.com.office.o365auto.thiruqaarbpst1.devshn.net; Secure; SameSite=None; HTTPOnly
MSPRequ=id=N&lt=1711691187&co=1; Path=/; Domain=login.live.com.office.o365auto.thiruqaarbpst1.devshn.net; Secure; SameSite=None; HTTPOnly
MSCC=54.70.30.203-US; Expires=Wed, 23-Apr-2025 05:46:27 GMT; Path=/; Domain=login.live.com.office.o365auto.thiruqaarbpst1.devshn.net; Secure; SameSite=None; HTTPOnly
MSPOK=$uuid-3a586516-633a-4622-9722-99b9042beb79; Path=/; Domain=login.live.com.office.o365auto.thiruqaarbpst1.devshn.net; Secure; SameSite=None; HTTPOnly
OParams=11O.Dv4W0DgG*rRB0nwSjq8cviufboq4IpNxJosmu6bE5idoJraYOts4D4oN7Sw467*DlQxk!pYGVso3fvf4Haop6Et69zr4WGhFd07LXqZI4*91F9x5VxMoPk*kB9OvKhqi!ujRWylRgh3Q*a!oPO3EPzU$; Path=/; Domain=login.live.com.office.o365auto.thiruqaarbpst1.devshn.net; Secure; SameSite=None; HTTPOnly
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: on
x-ms-request-id: 0eaf66ae-59da-47e7-b2eb-97de8816d7cb
x-ms-route-info: C555_BL2
X-Robots-Tag: none
X-SkyHigh-Version: BuildNumber=5, BuildDate=2024-03-19 11:47
X-XSS-Protection: 1; mode=block
|
| logincdn.msauth.net.office.o365auto.thiruqaarbpst1.devshn.net/shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js | 0.0.0.0 | | 0 B |
URL: GET logincdn.msauth.net.office.o365auto.thiruqaarbpst1.devshn.net/shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js IP: 0.0.0.0:0
Requested by: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/login.srf?lc=1033
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js HTTP/1.1
Host: logincdn.msauth.net.office.o365auto.thiruqaarbpst1.devshn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/
Origin: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
|
| logincdn.msftauth.net.office.o365auto.thiruqaarbpst1.devshn.net/shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js | 0.0.0.0 | | 0 B |
URL: GET logincdn.msftauth.net.office.o365auto.thiruqaarbpst1.devshn.net/shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js IP: 0.0.0.0:0
Requested by: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/login.srf?lc=1033
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js HTTP/1.1
Host: logincdn.msftauth.net.office.o365auto.thiruqaarbpst1.devshn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/
Origin: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
|
| logincdn.msauth.net.office.o365auto.thiruqaarbpst1.devshn.net/16.000.30141.5/images/favicon.ico | 0.0.0.0 | | 0 B |
URL: GET logincdn.msauth.net.office.o365auto.thiruqaarbpst1.devshn.net/16.000.30141.5/images/favicon.ico IP: 0.0.0.0:0
Requested by: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/login.srf?lc=1033
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /16.000.30141.5/images/favicon.ico HTTP/1.1
Host: logincdn.msauth.net.office.o365auto.thiruqaarbpst1.devshn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
|
| lgincdnvzeuno.azureedge.net.office.o365auto.thiruqaarbpst1.devshn.net/shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js | 0.0.0.0 | | 0 B |
URL: GET lgincdnvzeuno.azureedge.net.office.o365auto.thiruqaarbpst1.devshn.net/shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js IP: 0.0.0.0:0
Requested by: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/login.srf?lc=1033
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /shared/5/js/login_en_4XWJLQsDnjOrefMiFTdF2g2.js HTTP/1.1
Host: lgincdnvzeuno.azureedge.net.office.o365auto.thiruqaarbpst1.devshn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net/
Origin: https://login.live.com.office.o365auto.thiruqaarbpst1.devshn.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
|