r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10431
Expires: Sat, 03 Dec 2022 00:38:42 GMT
Date: Fri, 02 Dec 2022 21:44:51 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4375
Cache-Control: max-age=136759
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 21:44:51 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:44:10 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8055
Expires: Fri, 02 Dec 2022 23:59:06 GMT
Date: Fri, 02 Dec 2022 21:44:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 21:19:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1494
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SxSqd15e5pWSg4eUrepHoNAwqPUC86ix0znRDCfWxjkdJc+OXaUjS79CLO+86LNan6DelLT6PTE=
x-amz-request-id: 6YXD1FQQVP6FA075
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 20:46:15 GMT
age: 3516
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 21:44:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 21:11:16 GMT
cache-control: public,max-age=3600
age: 2016
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4358
Cache-Control: max-age=131680
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 21:44:52 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:19:32 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.198.114 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.198.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xx0w4ymjfwTRTvjxKvvd6Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jpT/cD40e6lozy26W32WY9NRbn0=
signup-live-com.office365.apps.maxsolutions.com.au/
13.211.19.151 302 Found 176 B URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/
IP 13.211.19.151:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 7eca64de0056ccf77081b678749f52a7
90358d1795e586ef076f52bb99e0532587c80f6e
28bb7a2af805491d10262e3d7124c00d207bd1953b0a777d673fe800cb19c407
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET / HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://signup-live-com.office365.apps.maxsolutions.com.au/
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
x-ms-amserver: SCUXXXX009S (2.0.2654.1)
x-ms-amserver-tm: 0ms
x-ms-request-id: e5862094-e47a-4637-adcb-973732bdc801
Referrer-Policy: strict-origin-when-cross-origin
AMServer: SCUXXXXFD00009S
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: E5862094E47A4637ADCB973732BDC801 Ref B: SYD03EDGE1009 Ref C: 2022-12-02T21:44:52Z
Date: Fri, 02 Dec 2022 21:44:52 GMT
Set-Cookie: __SF__sessionId=5b5a2a9af44aa01020c50184f5737; Domain=.office365.apps.maxsolutions.com.au; Path=/; HttpOnly
Transfer-Encoding: chunked
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5315
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:44:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5315
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:44:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5315
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:44:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5315
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:44:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5315
Expires: Fri, 02 Dec 2022 23:13:28 GMT
Date: Fri, 02 Dec 2022 21:44:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd8ad22c2eb1eb91c76970fa449f1bc4
0de97f3a4964038222bd751e043e413113e6db9d
668f805815aede3bc04f8564bd6aefd56029362bb0aa8a794673eb78ab2d4643
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 02EF3QEVKmEB2ikbGk9gzQq7_VMi00ufHUNRFTL8MpwJKaXQwdT8HA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 03:42:27 GMT
age: 64946
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 39216
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 59078
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 56645
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 86000
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: V8gPBeq9EOtaMA3xqsKI8dQlkyh2UcBpFFchunWrJBPe1YINpR923Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:34:48 GMT
age: 605
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 97271830dbf78a40e987af67d7e8e6c4
31be589204752c629f0ef451714ea53a385f81df
ec839ae54e62b14a620b972501e01958bac3999f38dc9b830bc7ca95fa8fb87d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 21:44:54 GMT
Server: ECS (amb/6BC6)
Content-Length: 471
signup-live-com.office365.apps.maxsolutions.com.au/
3.104.248.170 302 Found 448 B URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/
IP 3.104.248.170:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (376), with CRLF line terminators
Hash 159dbec339f6757db108308285b5a4a2
c68132581ca1fe68a144533ead4270eff72c86f6
15afba46ab941880901f2ebd30a4b8965d8a59c176eda9e66f4bef2a28f609bb
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET / HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login-live-com.office365.apps.maxsolutions.com.au/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1670017494&rver=7.3.6960.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup-live-com.office365.apps.maxsolutions.com.au%2F%3Flic%3D1&lc=1033&id=68692&mkt=en-US&uaid=1a739f869726491d9e64b23a37971e6d
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
X-Frame-Options: deny
x-ms-amserver: EUSXXXX004R (2.0.2654.1)
x-ms-amserver-tm: 203ms
x-ms-request-id: 183fc87b-af16-4bc6-bb90-f658e54db70b
Referrer-Policy: strict-origin-when-cross-origin
AMServer: EUSXXXXDC00004R
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 183FC87BAF164BC6BB90F658E54DB70B Ref B: SYD03EDGE1521 Ref C: 2022-12-02T21:44:54Z
Date: Fri, 02 Dec 2022 21:44:54 GMT
Set-Cookie: __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; Domain=office365.apps.maxsolutions.com.au; Path=/; Secure; HttpOnly
__SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; Domain=.office365.apps.maxsolutions.com.au; Path=/; Secure; HttpOnly
__SF__sfbid=pNhACJlO9Z9fddde9e; Domain=apps.maxsolutions.com.au; Path=/; Expires=Mon, 29 Nov 2032 21:44:55 GMT; SameSite=Lax; Secure; HttpOnly
Transfer-Encoding: chunked
login-live-com.office365.apps.maxsolutions.com.au/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1670017494&rver=7.3.6960.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup-live-com.office365.apps.maxsolutions.com.au%2F%3Flic%3D1&lc=1033&id=68692&mkt=en-US&uaid=1a739f869726491d9e64b23a37971e6d
3.104.248.170 302 Found 0 B URL HTTP/1.1 login-live-com.office365.apps.maxsolutions.com.au/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1670017494&rver=7.3.6960.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup-live-com.office365.apps.maxsolutions.com.au%2F%3Flic%3D1&lc=1033&id=68692&mkt=en-US&uaid=1a739f869726491d9e64b23a37971e6d
IP 3.104.248.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1670017494&rver=7.3.6960.0&wp=MBI_SSL&wreply=https%3A%2F%2Fsignup-live-com.office365.apps.maxsolutions.com.au%2F%3Flic%3D1&lc=1033&id=68692&mkt=en-US&uaid=1a739f869726491d9e64b23a37971e6d HTTP/1.1
Host: login-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Fri, 02 Dec 2022 21:43:56 GMT
Location: https://signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: R3_BAY
x-ms-request-id: 6a4c022e-756e-4605-9aa2-72cd3ae7880d
PPServer: PPV: 30 H: BY1PPF2B7E22D95 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 02 Dec 2022 21:44:56 GMT
Content-Length: 0
Set-Cookie: __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; Domain=office365.apps.maxsolutions.com.au; Path=/; Secure; HttpOnly
__SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; Domain=office365.apps.maxsolutions.com.au; Path=/; Secure; HttpOnly
__SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$; Domain=office365.apps.maxsolutions.com.au; Path=/; Secure; HttpOnly
__SF__sfbid=pNhACJlO9Z9fddde9e; Domain=apps.maxsolutions.com.au; Path=/; Expires=Mon, 29 Nov 2032 21:44:57 GMT; SameSite=Lax; Secure; HttpOnly
signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
3.104.248.170 200 OK 56 kB URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
IP 3.104.248.170:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (11648), with CRLF, LF line terminators
Hash c25fe96d19a86b792f7790800eb83c66
66aea3902fdaeba46727da63a6f0e024bbe6742d
2a983262e136f34894f0ff9fb07512f6d5799c4f0a50a5d4a6e27f6c28529045
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /?lic=1 HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e; __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; __SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; __SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
X-Frame-Options: deny
X-UA-Compatible: IE=edge, chrome=1
x-ms-amserver: wcuXXXX00AH (2.0.2654.1)
x-ms-amserver-tm: 109ms
x-ms-request-id: 1de49d51-9c6b-408a-af0f-c38e7f1d888f
Link: <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=dns-prefetch, <https://acctcdn.msftauth.net>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net>; rel=dns-prefetch, <https://acctcdnvzeuno.azureedge.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
Referrer-Policy: strict-origin-when-cross-origin
AMServer: wcuXXXXfd0000AH
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 1DE49D519C6B408AAF0FC38E7F1D888F Ref B: SYD03EDGE1521 Ref C: 2022-12-02T21:44:56Z
Date: Fri, 02 Dec 2022 21:44:56 GMT
Set-Cookie: __SF__sfbid=pNhACJlO9Z9fddde9e; Domain=apps.maxsolutions.com.au; Path=/; Expires=Mon, 29 Nov 2032 21:44:57 GMT; SameSite=Lax; Secure; HttpOnly
Transfer-Encoding: chunked
signup-live-com.office365.apps.maxsolutions.com.au/__sf_resource/_/__sf_event_listener_hook.js
3.104.248.170 200 OK 1.8 kB URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/__sf_resource/_/__sf_event_listener_hook.js
IP 3.104.248.170:0
Hash 1f737f56e7bdc64e8b061b77939eee2a
e6f0b0fb1d97fbf1ad5b269ecdec27ca321c8da5
a860b9561b1615b3dca00ef253ebc8f398b346e13042dc6bef68ccac5da536ad
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /__sf_resource/_/__sf_event_listener_hook.js HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e; __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; __SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; __SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/javascript
Cache-Control: max-age=21600
X-Content-Type-Options: nosniff
Content-Length: 1849
signup-live-com.office365.apps.maxsolutions.com.au/__sf_resource/_/__sf_ajax_hook.js
3.104.248.170 200 OK 6.3 kB URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/__sf_resource/_/__sf_ajax_hook.js
IP 3.104.248.170:0
Hash f969bab2aeac15ae39a5d1f81e7b5b76
3b2c77372698e7d3bc391f11d1c6632464973e33
198126ad3f4d583b32e828ed9c86a9ef0a3b7e2c8292b1422cd931a722da5418
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /__sf_resource/_/__sf_ajax_hook.js HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e; __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; __SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; __SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/javascript
Cache-Control: max-age=21600
X-Content-Type-Options: nosniff
Content-Length: 6334
acctcdn.msauth.net/converged_ux_v2_Ma-Y6dtT0J9mCCtSZCtq_w2.css?v=1
152.199.21.175 200 OK 18 kB URL HTTP/2 acctcdn.msauth.net/converged_ux_v2_Ma-Y6dtT0J9mCCtSZCtq_w2.css?v=1
IP 152.199.21.175:0
File type ASCII text, with very long lines (61169)
Hash 494fd9a5c87d6a6da19bcd37667e8608
f90cfef14de9e45a9895514740c3261d1fb75f32
83758b04a8e22ca019cb8da83b37a7ee78b24293f9d80b22b5744e12db083c8c
GET /converged_ux_v2_Ma-Y6dtT0J9mCCtSZCtq_w2.css?v=1 HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 174784
cache-control: public, max-age=604800
content-md5: SU/Zpch9am2hm803Zn6GCA==
content-type: text/css
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DAD101199D22DA
last-modified: Mon, 28 Nov 2022 05:26:28 GMT
server: ECAcc (ska/F74E)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1a3aedbc-d01e-0045-3f00-053786000000
x-ms-version: 2009-09-19
content-length: 17695
X-Firefox-Spdy: h2
acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
152.199.21.175 200 OK 29 kB URL HTTP/2 acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
IP 152.199.21.175:0
File type ASCII text, with very long lines (4786), with CRLF, LF line terminators
Hash a37bdbb8f418a4014c99ac1393e58a58
00c49fef2c56bc87aaf99faee903e05986234bc8
99ef7cd8bc7584b2645fa63f11e101b1377ce314d7738fa57cb886813906bbd1
GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 11822070
cache-control: public, max-age=31536000
content-md5: o3vbuPQYpAFMmawTk+WKWA==
content-type: application/javascript
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DA687E189440F2
last-modified: Mon, 18 Jul 2022 05:26:41 GMT
server: ECAcc (ska/F6BB)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9e5734ef-d01e-0021-0c11-9b5ed9000000
x-ms-version: 2009-09-19
content-length: 28582
X-Firefox-Spdy: h2
acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1
152.199.21.175 200 OK 7.0 kB URL HTTP/2 acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1
IP 152.199.21.175:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (26083)
Hash faff58bb87410b8d2c2278e84cf335d5
6a3d2bece092bf9deb0990e60674f3d07378813c
485d48b2dd4f7d2db0f77c8ebe9bcdcd9868b55c6d6754b4276d4664e1c0c52a
GET /lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 2311225
cache-control: public, max-age=31536000
content-md5: +v9Yu4dBC40sInjoTPM11Q==
content-type: application/javascript
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DABEECE496E4BF
last-modified: Sat, 05 Nov 2022 05:16:28 GMT
server: ECAcc (ska/F74C)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 4fea85d4-c01e-0086-2192-f1c001000000
x-ms-version: 2009-09-19
content-length: 7006
X-Firefox-Spdy: h2
acctcdn.msauth.net/lightweightsignuppackage_LplbS30n9-Id7lxtZTnXQg2.js?v=1
152.199.21.175 200 OK 51 kB URL HTTP/2 acctcdn.msauth.net/lightweightsignuppackage_LplbS30n9-Id7lxtZTnXQg2.js?v=1
IP 152.199.21.175:0
File type ASCII text, with very long lines (2075)
Hash 053b9692242be6539d34690cba92e360
ad48996378a6d044a4911276b18c5d224eb8d8d3
507b496e91d25047add94245f79636da6aad6261044564fa1c28576a2935c80d
GET /lightweightsignuppackage_LplbS30n9-Id7lxtZTnXQg2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 171892
cache-control: public, max-age=604800
content-md5: BTuWkiQr5lOdNGkMupLjYA==
content-type: application/javascript
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DAD1012D83DFDB
last-modified: Mon, 28 Nov 2022 05:27:01 GMT
server: ECAcc (ska/F7B6)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 05e79382-501e-0024-3a07-054b78000000
x-ms-version: 2009-09-19
content-length: 51365
X-Firefox-Spdy: h2
acctcdn.msauth.net/jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1
152.199.21.175 200 OK 5.6 kB URL HTTP/2 acctcdn.msauth.net/jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1
IP 152.199.21.175:0
File type ASCII text, with very long lines (622)
Hash b59e39f9921cafca149eb9685b51f656
ce99e1b2ca50537d61b5f6004ea2d0f528725979
72de626a972e4867b3d7a5e1e3a08812fd74c25fad1132e934ad3565ffd5ad78
GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 20823646
cache-control: public, max-age=31536000
content-md5: tZ45+ZIcr8oUnrloW1H2Vg==
content-type: application/javascript
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DA16C2C4E3322D
last-modified: Tue, 05 Apr 2022 05:11:40 GMT
server: ECAcc (ska/F6D3)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 5d094abd-f01e-0070-0a33-49e35e000000
x-ms-version: 2009-09-19
content-length: 5564
X-Firefox-Spdy: h2
acctcdn.msauth.net/images/favicon.ico?v=2
152.199.21.175 200 OK 17 kB URL HTTP/2 acctcdn.msauth.net/images/favicon.ico?v=2
IP 152.199.21.175:0
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Hash 12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /images/favicon.ico?v=2 HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 12335439
cache-control: public, max-age=31536000
content-md5: EuPayFgGHQiAI7K9SOL6lg==
content-type: image/x-icon
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DA63F8AA285FAA
last-modified: Tue, 12 Jul 2022 11:21:28 GMT
server: ECAcc (ska/F6F5)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 43dba6e0-201e-005c-0b66-96518c000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2
acctcdn.msauth.net/oneds_CBxZrnSxLbjHuOGn7pHqpg2.js?v=1
152.199.21.175 200 OK 32 kB URL HTTP/2 acctcdn.msauth.net/oneds_CBxZrnSxLbjHuOGn7pHqpg2.js?v=1
IP 152.199.21.175:0
File type ASCII text, with very long lines (44562), with CRLF, LF line terminators
Hash 4c6f6e1f39e0047fe7feb594ecd279b0
627a48606ec96971c9ac0cf6fbc5d5715b4a6b7b
837ba8a84c8ee43a847a42a39cc8bacd0911b3d0ed1fd89f4109e2333fbd3cab
GET /oneds_CBxZrnSxLbjHuOGn7pHqpg2.js?v=1 HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 17713645
cache-control: public, max-age=31536000
content-md5: TG9uHzngBH/n/rWU7NJ5sA==
content-type: application/javascript
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DA330D8D7CC074
last-modified: Wed, 11 May 2022 05:17:32 GMT
server: ECAcc (ska/F774)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3de41c52-401e-004c-057c-65eea4000000
x-ms-version: 2009-09-19
content-length: 31830
X-Firefox-Spdy: h2
acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
152.199.21.175 200 OK 673 B URL HTTP/2 acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
IP 152.199.21.175:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Hash 0e176276362b94279a4492511bfcbd98
389fe6b51f62254bb98939896b8c89ebeffe2a02
9a2c174ae45cac057822844211156a5ed293e65c5f69e1d211a7206472c5c80c
GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 13881169
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DA566CA04AF903
last-modified: Sat, 25 Jun 2022 05:36:17 GMT
server: ECAcc (ska/F7A9)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cba25c33-501e-0003-0857-882de5000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2
acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
152.199.21.175 200 OK 179 B URL HTTP/2 acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
IP 152.199.21.175:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Hash e61f0b987e7fa04847e5c351dbe9d8de
18562b0741e8484649fa64e78990cfc97ee7a39f
016cf2a4a3fc33926feed2f2ec5ede7cc6e6b18392a10faf599314c98a742263
GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 17386494
cache-control: public, max-age=31536000
content-md5: 5h8LmH5/oEhH5cNR2+nY3g==
content-type: image/svg+xml
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DA3533D7931494
last-modified: Fri, 13 May 2022 22:56:40 GMT
server: ECAcc (ska/F74F)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2f843f7a-e01e-007c-3a76-682fdd000000
x-ms-version: 2009-09-19
content-length: 179
X-Firefox-Spdy: h2
acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
152.199.21.175 200 OK 3.5 kB URL HTTP/2 acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
IP 152.199.21.175:0
File type ASCII text, with very long lines (746)
Hash 1a9078eb7795cc2ab9be86d02d21a853
0cd912eee4e1fe283ad99fa0c69cdc1f32da7025
b68c76624b9979da1e4138a3570f2f944cf67343afe8ec089c15e0266e8e2d35
GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1
Host: acctcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 15535201
cache-control: public, max-age=31536000
content-md5: GpB463eVzCq5vobQLSGoUw==
content-type: application/javascript
date: Fri, 02 Dec 2022 21:44:58 GMT
etag: 0x8DA46B6B675AC6A
last-modified: Sun, 05 Jun 2022 05:46:18 GMT
server: ECAcc (ska/F744)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 0ea8066f-901e-0047-6d4c-793aeb000000
x-ms-version: 2009-09-19
content-length: 3505
X-Firefox-Spdy: h2
signup-live-com.office365.apps.maxsolutions.com.au/API/ClientEvents
3.104.248.170 200 OK 991 B URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/API/ClientEvents
IP 3.104.248.170:0
File type JSON data\012- , ASCII text, with very long lines (991), with no line terminators
Hash 3e1dd8a75e1b208b64c827b6f5a49e20
411b35f648b46792bef9612f6deb5f014c11f44c
94c23128bf92c9ef55fcb6733184da8aa867163054b5b07bdcd41bba767c2385
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
POST /API/ClientEvents HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
hpgid: 200639
canary: 38VaqGmzjAGQJhAPWvccwuIp/+Tm9xSd5EmrLE6/hoekqJQRa3z8g2Y9AX42h22UQzgpPflCegdOsi5Wde3sWuGMVldcrF2u67uJ4uDf3ux9zmooJwnPIzC5YF6I4D3Aa9cwT85Au9B2jIq1emmGK558KvripwqsWfgPuhV0xSacYONBifNBQFs8VAQDacGNjradkmKlHNNK6s8PW776AGa9RxFVDcYpwgjQ0bY1G7hbsaiXDHfSTlfJNC36pIzV:2:3c
uaid: 1a739f869726491d9e64b23a37971e6d
tcxt: 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:2:3
x-ms-apiVersion: 3
x-ms-apiTransport: fetch
Content-Type: application/json; charset=utf-8
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Content-Length: 8836
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e; __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; __SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; __SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
X-Frame-Options: deny
x-ms-amserver: EUSXXXX004R (2.0.2654.1)
x-ms-amserver-tm: 15ms
x-ms-request-id: d3c41340-0a73-4bfc-97f8-247b7458a1d0
Referrer-Policy: strict-origin-when-cross-origin
AMServer: EUSXXXXDC00004R
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: D3C413400A734BFC97F8247B7458A1D0 Ref B: SYD03EDGE1521 Ref C: 2022-12-02T21:44:59Z
Date: Fri, 02 Dec 2022 21:44:59 GMT
Set-Cookie: __SF__sfbid=pNhACJlO9Z9fddde9e; Domain=apps.maxsolutions.com.au; Path=/; Expires=Mon, 29 Nov 2032 21:45:00 GMT; SameSite=Lax; Secure; HttpOnly
Transfer-Encoding: chunked
signup-live-com.office365.apps.maxsolutions.com.au/API/ReportClientEvent?lic=1
3.104.248.170 200 OK 877 B URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/API/ReportClientEvent?lic=1
IP 3.104.248.170:0
File type JSON data\012- , ASCII text, with very long lines (877), with no line terminators
Hash 54e1d2c5b2f3a2043ad8494457d823e4
f859cc8a6b7df9333f725ca4ec02bb57e1e5ce0c
f4eed38fe1c006cec0081712aa4706a43b7fe967c2f7904495473832d36a6dc8
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
POST /API/ReportClientEvent?lic=1 HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
Content-Type: application/json
canary: 38VaqGmzjAGQJhAPWvccwuIp/+Tm9xSd5EmrLE6/hoekqJQRa3z8g2Y9AX42h22UQzgpPflCegdOsi5Wde3sWuGMVldcrF2u67uJ4uDf3ux9zmooJwnPIzC5YF6I4D3Aa9cwT85Au9B2jIq1emmGK558KvripwqsWfgPuhV0xSacYONBifNBQFs8VAQDacGNjradkmKlHNNK6s8PW776AGa9RxFVDcYpwgjQ0bY1G7hbsaiXDHfSTlfJNC36pIzV:2:3c
x-ms-apiVersion: 2
x-ms-apiTransport: xhr
uiflvr: 1001
scid: 100118
hpgid: 200639
uaid: 1a739f869726491d9e64b23a37971e6d
tcxt: 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:2:3
Content-Length: 537
Origin: https://signup-live-com.office365.apps.maxsolutions.com.au
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e; __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; __SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; __SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
X-Frame-Options: deny
x-ms-amserver: EUSXXXX004Q (2.0.2654.1)
x-ms-amserver-tm: 15ms
x-ms-request-id: c9dbae94-92a2-4327-b566-bb0d7d949c3a
Referrer-Policy: strict-origin-when-cross-origin
AMServer: EUSXXXXDC00004Q
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: C9DBAE9492A24327B566BB0D7D949C3A Ref B: SYD03EDGE0918 Ref C: 2022-12-02T21:44:59Z
Date: Fri, 02 Dec 2022 21:45:00 GMT
Set-Cookie: __SF__sfbid=pNhACJlO9Z9fddde9e; Domain=apps.maxsolutions.com.au; Path=/; Expires=Mon, 29 Nov 2032 21:45:00 GMT; SameSite=Lax; Secure; HttpOnly
Transfer-Encoding: chunked
signup-live-com.office365.apps.maxsolutions.com.au/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
3.104.248.170 200 OK 0 B URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
IP 3.104.248.170:0
Analyzer Verdict Alert openphish Outlook
fortinet Phishing
GET /Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
X-Moz: prefetch
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e; __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; __SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; __SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Length: 1464
Content-Type: image/svg+xml
Content-Encoding: gzip
Last-Modified: Tue, 15 Nov 2022 19:10:32 GMT
Accept-Ranges: bytes
ETag: "04a0ee25f9d81:0"
Vary: Accept-Encoding
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
AMServer: wusXXXXfd0000F6
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 60C97ADE4CB84476B12E986F30FA30B1 Ref B: SYD03EDGE1521 Ref C: 2022-12-02T21:44:59Z
Date: Fri, 02 Dec 2022 21:44:58 GMT
Set-Cookie: __SF__sfbid=pNhACJlO9Z9fddde9e; Domain=apps.maxsolutions.com.au; Path=/; Expires=Mon, 29 Nov 2032 21:44:59 GMT; SameSite=Lax; Secure; HttpOnly
signup-live-com.office365.apps.maxsolutions.com.au/Resources/images/favicon.ico
3.104.248.170 200 OK 0 B URL HTTP/1.1 signup-live-com.office365.apps.maxsolutions.com.au/Resources/images/favicon.ico
IP 3.104.248.170:0
Analyzer Verdict Alert openphish Outlook
GET /Resources/images/favicon.ico HTTP/1.1
Host: signup-live-com.office365.apps.maxsolutions.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://signup-live-com.office365.apps.maxsolutions.com.au/?lic=1
X-Moz: prefetch
Connection: keep-alive
Cookie: __SF__sessionId=5b5a2a9a7c0ba01010b1bbd371fc2a; __SF__.live.com/amsc=GGGh/FiHFa4FQKSumO6ldtYC3udYPOzB/6o+Kgg7CznZQPqRHX32HrdaqmsFTU9+o74pbZJyy70FiPblK3hc6OTxEFr75GaR4V4w3rJUjfV9IKYt/KDtvLS7PKb0IYuZB7RMVIXBUTX/2GJ3mZPgMbP3TSnzADZVfc2xFQJuUkjcLTEytIej5l/ZTvlNyC52YI9OSBapQSGhtLZceoH9AU5eCKtCrO+HDmTvHboAREn6E7Wk737eZm6S+wWPNdAkeTIXvU3FIGba7ZXV83kNkxCORC3ay7DnJOgudbave4w=:2:3c; __SF__sfbid=pNhACJlO9Z9fddde9e; __SF__login.live.com/uaid=1a739f869726491d9e64b23a37971e6d; __SF__login.live.com/MSPRequ=id=68692<=1670017496&co=1; __SF__login.live.com/OParams=11O.DUpYijpDbK2qUXA8Y6qx4yAOGwxqcDkazAaeMEAly5bSwmdUtfhOwNSHRxDgFa5MMgtpiQL82WZjkjUNeHe57dZk!Kzo9g1lVA2KDZg2GjfgmGdAWg5VJQPpiG4LYzErIrRcx70BrhqGd1TPaQ0i4beBXuDtBq!rhxZ2eqDxOarKfHIMN5MHe9KCqSwpd45lRNDisICBNIKOQLXUXkXIu10uH4c8eVrQHTPcS6yztDTiDYoR!zsG3OVnz2LpGEmhVTI4su7Hf6c!2bZA3slgR6PoEshwnzdIqFkyuRBRGtEvKWcE*czC52r2MDIrf4jK1GvH7NgqjkLWQ8odjRr30D8$
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Length: 17174
Content-Type: image/x-icon
Last-Modified: Tue, 15 Nov 2022 19:10:32 GMT
Accept-Ranges: bytes
ETag: "04a0ee25f9d81:0"
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
AMServer: EUSXXXXDC00005F
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A5EDDD187600446AA591532784543ED8 Ref B: SYD03EDGE1722 Ref C: 2022-12-02T21:44:59Z
Date: Fri, 02 Dec 2022 21:44:59 GMT
Set-Cookie: __SF__sfbid=pNhACJlO9Z9fddde9e; Domain=apps.maxsolutions.com.au; Path=/; Expires=Mon, 29 Nov 2032 21:44:59 GMT; SameSite=Lax; Secure; HttpOnly