login.microsoftonline.com
Open in
urlscan Pro
20.190.159.70
Public Scan
Effective URL: https://login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/saml2?SAMLRequest=fZLNTsMwEIRfJfI9ie22JLHSoEKFqMRPRSsOXNDGW...
Submission: On February 10 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on December 1st 2022. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 14 | 204.148.166.54 204.148.166.54 | 701 (UUNET) (UUNET) | |
2 | 2a00:1450:400... 2a00:1450:400d:80d::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400d:808::2003 | 15169 (GOOGLE) (GOOGLE) | |
3 | 20.190.159.70 20.190.159.70 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
14 | 2620:1ec:4f:1... 2620:1ec:4f:1::44 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 40.126.31.70 40.126.31.70 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2603:1026:300... 2603:1026:3000:148::c | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 51.105.71.137 51.105.71.137 | () () | |
33 | 8 |
ASN701 (UUNET, US)
PTR: RITE-RUG-CO-.customer.alter.net
vpn2.riterug.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
autologon.microsoftazuread-sso.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 1139 |
296 KB |
14 |
riterug.com
5 redirects
vpn2.riterug.com |
392 KB |
3 |
microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 20 |
108 KB |
2 |
microsoft.com
browser.events.data.microsoft.com |
1 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 32 |
2 KB |
1 |
microsoftazuread-sso.com
autologon.microsoftazuread-sso.com — Cisco Umbrella Rank: 1501 |
1 KB |
1 |
live.com
login.live.com — Cisco Umbrella Rank: 92 |
|
1 |
gstatic.com
fonts.gstatic.com |
14 KB |
33 | 8 |
Domain | Requested by | |
---|---|---|
14 | aadcdn.msauth.net |
login.microsoftonline.com
aadcdn.msauth.net |
14 | vpn2.riterug.com |
5 redirects
vpn2.riterug.com
|
3 | login.microsoftonline.com |
login.microsoftonline.com
aadcdn.msauth.net |
2 | browser.events.data.microsoft.com |
aadcdn.msauth.net
|
2 | fonts.googleapis.com |
vpn2.riterug.com
|
1 | autologon.microsoftazuread-sso.com | |
1 | login.live.com |
login.microsoftonline.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
33 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
vpn2.riterug.com R3 |
2022-12-30 - 2023-03-30 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-01-31 - 2023-04-25 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-01-31 - 2023-04-25 |
3 months | crt.sh |
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA |
2022-12-01 - 2023-12-01 |
a year | crt.sh |
aadcdn.msauth.net DigiCert SHA2 Secure Server CA |
2023-01-27 - 2024-01-27 |
a year | crt.sh |
login.live.com DigiCert SHA2 Secure Server CA |
2022-12-30 - 2023-12-30 |
a year | crt.sh |
autologon.microsoftazuread-sso.com DigiCert SHA2 Secure Server CA |
2023-01-02 - 2024-01-02 |
a year | crt.sh |
*.events.data.microsoft.com Microsoft Azure TLS Issuing CA 06 |
2022-12-07 - 2023-12-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/saml2?SAMLRequest=fZLNTsMwEIRfJfI9ie22JLHSoEKFqMRPRSsOXNDGWRdLiV1sp8DbkwYqcaHX0ezMfNKWl59dGx3QeW3NnLCEksuqXPThzTzhe48%2BRIPB%2BDnpnREWvPbCQIdeBCk2i%2Fs7wRMq9s4GK21LfszCQ9eevwDv0YWhk0TPp%2FJBJ9FqOSevBRQyU2qW8yZTFCazLMsBCwaDxlTNaT2lqC4mBQwH3ve4Mj6ACUMG5ZOY8pjRLeNikguWJRfF9IVEy4FFGwhj1VsIey%2FStLU7bZJOS2e9VcGaVhtMpO3ShiOr8yaLG05VPMW8iGFW5zGTDUxntYQMaHrk5CRa%2F%2BJfadNosztPXv%2BYvLjdbtfx%2BnGzJVV5DBIjiatO2w57wxOnA7p%2BN04q07%2B28mGIXi3XttXyK7qxroPwfzNL2KjoJlajVfTG71FqpbEh0aJt7ce1Qwg4J8H1SNKqTP%2B%2BQfUN&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=l5ChSvfTAGewMmjniKC1EHEVvcqx92qMzAwtZBg6ES0IyvTrM%2F%2FcDf9dj5Twpp2SZP2gqI4F%2FRqwc09FbT5t0ufrLd52vDGXZnn0KTACep%2BgunDOS%2FmL9gyYrwCcPjMflajpE2Ga6I9mZy3RTn8uikv2lsIFLL0fEE%2FraitLK5bQDoAoxvMfFA1d4E61wPVhjG49bhu5SIDGLp6%2FVGuKXy6%2FOE0dERs4a9HLBvn7ci3qo6bb7dthvG4edxPAjQmCsvgrRQqyTckq2I7HkI6OB82fHLJSb59LtUgetCEG7vKgPXjnyF81oR48IWz8RQVtW5iUp4Soj4YxXffuqCNYkw%3D%3D&sso_reload=true
Frame ID: 9FEAC5F757313717599D1710BCF0236C
Requests: 32 HTTP requests in this frame
Screenshot
Page Title
Bei Ihrem Konto anmeldenPage URL History Show full URLs
-
https://vpn2.riterug.com/
HTTP 302
https://vpn2.riterug.com/workplace/access/home HTTP 302
https://vpn2.riterug.com/__extraweb__EPCmicrointerrogatorpage?success=%2F__extraweb__EPCmicrointerrog... Page URL
-
https://vpn2.riterug.com/__extraweb__EPCmicrointerrogatordata?success=%2Fworkplace%2Faccess%2Fhome&al...
HTTP 302
https://vpn2.riterug.com/workplace/access/home HTTP 302
https://vpn2.riterug.com/__extraweb__authen?id=vDaqDsSj5RI%3D&alias=workplace&resource=%2Fworkplace%2... HTTP 302
https://login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/saml2?SAMLRequest=fZLNTsMwEIRfJfI9ie22J... Page URL
- https://login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/saml2?SAMLRequest=fZLNTsMwEIRfJfI9ie22J... Page URL
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Nutzungsbedingungen
Search URL Search Domain Scan URL
Title: Datenschutz & Cookies
Search URL Search Domain Scan URL
Title: Haftungsausschluss
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://vpn2.riterug.com/
HTTP 302
https://vpn2.riterug.com/workplace/access/home HTTP 302
https://vpn2.riterug.com/__extraweb__EPCmicrointerrogatorpage?success=%2F__extraweb__EPCmicrointerrogatordata%3Fsuccess%3D%252Fworkplace%252Faccess%252Fhome%26alias%3Dworkplace&alias=workplace Page URL
-
https://vpn2.riterug.com/__extraweb__EPCmicrointerrogatordata?success=%2Fworkplace%2Faccess%2Fhome&alias=workplace
HTTP 302
https://vpn2.riterug.com/workplace/access/home HTTP 302
https://vpn2.riterug.com/__extraweb__authen?id=vDaqDsSj5RI%3D&alias=workplace&resource=%2Fworkplace%2Faccess%2Fhome&realm=144 HTTP 302
https://login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/saml2?SAMLRequest=fZLNTsMwEIRfJfI9ie22JLHSoEKFqMRPRSsOXNDGWRdLiV1sp8DbkwYqcaHX0ezMfNKWl59dGx3QeW3NnLCEksuqXPThzTzhe48%2BRIPB%2BDnpnREWvPbCQIdeBCk2i%2Fs7wRMq9s4GK21LfszCQ9eevwDv0YWhk0TPp%2FJBJ9FqOSevBRQyU2qW8yZTFCazLMsBCwaDxlTNaT2lqC4mBQwH3ve4Mj6ACUMG5ZOY8pjRLeNikguWJRfF9IVEy4FFGwhj1VsIey%2FStLU7bZJOS2e9VcGaVhtMpO3ShiOr8yaLG05VPMW8iGFW5zGTDUxntYQMaHrk5CRa%2F%2BJfadNosztPXv%2BYvLjdbtfx%2BnGzJVV5DBIjiatO2w57wxOnA7p%2BN04q07%2B28mGIXi3XttXyK7qxroPwfzNL2KjoJlajVfTG71FqpbEh0aJt7ce1Qwg4J8H1SNKqTP%2B%2BQfUN&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=l5ChSvfTAGewMmjniKC1EHEVvcqx92qMzAwtZBg6ES0IyvTrM%2F%2FcDf9dj5Twpp2SZP2gqI4F%2FRqwc09FbT5t0ufrLd52vDGXZnn0KTACep%2BgunDOS%2FmL9gyYrwCcPjMflajpE2Ga6I9mZy3RTn8uikv2lsIFLL0fEE%2FraitLK5bQDoAoxvMfFA1d4E61wPVhjG49bhu5SIDGLp6%2FVGuKXy6%2FOE0dERs4a9HLBvn7ci3qo6bb7dthvG4edxPAjQmCsvgrRQqyTckq2I7HkI6OB82fHLJSb59LtUgetCEG7vKgPXjnyF81oR48IWz8RQVtW5iUp4Soj4YxXffuqCNYkw%3D%3D Page URL
- https://login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/saml2?SAMLRequest=fZLNTsMwEIRfJfI9ie22JLHSoEKFqMRPRSsOXNDGWRdLiV1sp8DbkwYqcaHX0ezMfNKWl59dGx3QeW3NnLCEksuqXPThzTzhe48%2BRIPB%2BDnpnREWvPbCQIdeBCk2i%2Fs7wRMq9s4GK21LfszCQ9eevwDv0YWhk0TPp%2FJBJ9FqOSevBRQyU2qW8yZTFCazLMsBCwaDxlTNaT2lqC4mBQwH3ve4Mj6ACUMG5ZOY8pjRLeNikguWJRfF9IVEy4FFGwhj1VsIey%2FStLU7bZJOS2e9VcGaVhtMpO3ShiOr8yaLG05VPMW8iGFW5zGTDUxntYQMaHrk5CRa%2F%2BJfadNosztPXv%2BYvLjdbtfx%2BnGzJVV5DBIjiatO2w57wxOnA7p%2BN04q07%2B28mGIXi3XttXyK7qxroPwfzNL2KjoJlajVfTG71FqpbEh0aJt7ce1Qwg4J8H1SNKqTP%2B%2BQfUN&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=l5ChSvfTAGewMmjniKC1EHEVvcqx92qMzAwtZBg6ES0IyvTrM%2F%2FcDf9dj5Twpp2SZP2gqI4F%2FRqwc09FbT5t0ufrLd52vDGXZnn0KTACep%2BgunDOS%2FmL9gyYrwCcPjMflajpE2Ga6I9mZy3RTn8uikv2lsIFLL0fEE%2FraitLK5bQDoAoxvMfFA1d4E61wPVhjG49bhu5SIDGLp6%2FVGuKXy6%2FOE0dERs4a9HLBvn7ci3qo6bb7dthvG4edxPAjQmCsvgrRQqyTckq2I7HkI6OB82fHLJSb59LtUgetCEG7vKgPXjnyF81oR48IWz8RQVtW5iUp4Soj4YxXffuqCNYkw%3D%3D&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://vpn2.riterug.com/ HTTP 302
- https://vpn2.riterug.com/workplace/access/home HTTP 302
- https://vpn2.riterug.com/__extraweb__EPCmicrointerrogatorpage?success=%2F__extraweb__EPCmicrointerrogatordata%3Fsuccess%3D%252Fworkplace%252Faccess%252Fhome%26alias%3Dworkplace&alias=workplace
- https://vpn2.riterug.com/__extraweb__EPCmicrointerrogatordata?success=%2Fworkplace%2Faccess%2Fhome&alias=workplace HTTP 302
- https://vpn2.riterug.com/workplace/access/home HTTP 302
- https://vpn2.riterug.com/__extraweb__authen?id=vDaqDsSj5RI%3D&alias=workplace&resource=%2Fworkplace%2Faccess%2Fhome&realm=144 HTTP 302
- https://login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/saml2?SAMLRequest=fZLNTsMwEIRfJfI9ie22JLHSoEKFqMRPRSsOXNDGWRdLiV1sp8DbkwYqcaHX0ezMfNKWl59dGx3QeW3NnLCEksuqXPThzTzhe48%2BRIPB%2BDnpnREWvPbCQIdeBCk2i%2Fs7wRMq9s4GK21LfszCQ9eevwDv0YWhk0TPp%2FJBJ9FqOSevBRQyU2qW8yZTFCazLMsBCwaDxlTNaT2lqC4mBQwH3ve4Mj6ACUMG5ZOY8pjRLeNikguWJRfF9IVEy4FFGwhj1VsIey%2FStLU7bZJOS2e9VcGaVhtMpO3ShiOr8yaLG05VPMW8iGFW5zGTDUxntYQMaHrk5CRa%2F%2BJfadNosztPXv%2BYvLjdbtfx%2BnGzJVV5DBIjiatO2w57wxOnA7p%2BN04q07%2B28mGIXi3XttXyK7qxroPwfzNL2KjoJlajVfTG71FqpbEh0aJt7ce1Qwg4J8H1SNKqTP%2B%2BQfUN&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=l5ChSvfTAGewMmjniKC1EHEVvcqx92qMzAwtZBg6ES0IyvTrM%2F%2FcDf9dj5Twpp2SZP2gqI4F%2FRqwc09FbT5t0ufrLd52vDGXZnn0KTACep%2BgunDOS%2FmL9gyYrwCcPjMflajpE2Ga6I9mZy3RTn8uikv2lsIFLL0fEE%2FraitLK5bQDoAoxvMfFA1d4E61wPVhjG49bhu5SIDGLp6%2FVGuKXy6%2FOE0dERs4a9HLBvn7ci3qo6bb7dthvG4edxPAjQmCsvgrRQqyTckq2I7HkI6OB82fHLJSb59LtUgetCEG7vKgPXjnyF81oR48IWz8RQVtW5iUp4Soj4YxXffuqCNYkw%3D%3D
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
__extraweb__EPCmicrointerrogatorpage
vpn2.riterug.com/ Redirect Chain
|
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
default.css
vpn2.riterug.com/__extraweb__/assets/themes/DefaultWorkplaceTheme// |
34 KB 34 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
vpn2.riterug.com/__extraweb__/assets/themes/DefaultWorkplaceTheme// |
131 KB 131 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 928 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 612 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
template.js
vpn2.riterug.com/__extraweb__/ |
9 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sniffer.js
vpn2.riterug.com/preauthMI/ |
9 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microinterrogator.js
vpn2.riterug.com/preauthMI/ |
759 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background_sky.png
vpn2.riterug.com/__extraweb__/assets/themes/DefaultWorkplaceTheme// |
167 KB 168 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_leftpanel.svg
vpn2.riterug.com/__extraweb__/assets/themes/DefaultWorkplaceTheme// |
718 B 993 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
av-default-logo.png
vpn2.riterug.com/__extraweb__/assets/themes/DefaultWorkplaceTheme// |
29 KB 29 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2
fonts.gstatic.com/s/nunito/v25/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saml2
login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/ Redirect Chain
|
152 KB 55 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
saml2
login.microsoftonline.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/ |
198 KB 52 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_NnFX4S8X6vb-OgGnD82WNA2.js
aadcdn.msauth.net/shared/1.0/content/js/ |
393 KB 111 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneDs_641b1cf809bdc17b42ab.js
aadcdn.msauth.net/shared/1.0/content/js/ |
186 KB 60 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pcustomizationloader_f3782014f3739160dbfd.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
107 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-de.min_egm72xgxis3arkcshl_vsg2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
0 15 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pfetchsessionsprogress_85acbcb9234972130506.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ssoprobe
autologon.microsoftazuread-sso.com/d2e1b8d7-d20f-4e89-a5b8-1cda45bca7a0/winauth/ |
12 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
dssostatus
login.microsoftonline.com/common/instrumentation/ |
264 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pstringcustomizationhelper_44ba818dfa55d8749503.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
111 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin-options_4e48046ce74f4b89d45037c90576bfac.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
2 KB 954 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
153 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| oncontentvisibilityautostatechange object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ boolean| __convergedlogin_pcustomizationloader_f3782014f3739160dbfd boolean| __convergedlogin_pfetchsessionsprogress_85acbcb9234972130506 boolean| __convergedlogin_pstringcustomizationhelper_44ba818dfa55d874950318 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
vpn2.riterug.com/ | Name: EXTRAWEB_STATE Value: EAABEAAGBAADaWQAEAABBAABAAQABXNzcGYAEAABBQAABAAFaG9zdAAQAAEEAAEA |
|
vpn2.riterug.com/ | Name: EXTRAWEB_REFERER Value: %252FpreauthMI%252Fsniffer.js%253Fv%253D124b33ffaaa81935 |
|
vpn2.riterug.com/ | Name: EPC_MI Value: %7cwin:1%7cwin32:1%7cwin64:1%7cx64:1%7cplatform:Windows%7cwin10:1%7cchrome:110%7cbrowser:Netscape%7cbrowserVersion:110%7cheight:1200%7cwidth:1600%7cuserAgent:mozilla%252F5.0%2520(windows%2520nt%252010.0%253B%2520win64%253B%2520x64)%2520applewebkit%252F537.36%2520(khtml%252C%2520like%2520gecko)%2520chrome%252F110.0.5481.77%2520safari%252F537.36%7cuserLocale:en-US |
|
vpn2.riterug.com/ | Name: EXTRAWEB_SAML_AUTH_DATA Value: YWxpYXM9d29ya3BsYWNlJnJlc291cmNlPSUyRndvcmtwbGFjZSUyRmFjY2VzcyUyRmhvbWUmaWQ9dkRhcURzU2o1UkklM0Q= |
|
vpn2.riterug.com/ | Name: EXTRAWEB_SAML_SESS Value: 1 |
|
login.microsoftonline.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.microsoftonline.com/ | Name: stsservicecookie Value: estsfd |
|
.login.microsoftonline.com/ | Name: AADSSO Value: NA|NoExtension |
|
login.microsoftonline.com/ | Name: SSOCOOKIEPULLED Value: 1 |
|
login.microsoftonline.com/ | Name: buid Value: 0.AQ4A17jh0g_SiU6luBzaRbynoHQxlGygupZHnVqOAcqXpaUOAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevr1X6-Y6_-8Z03_PvTgOwEgVBFnrr1zrLdJ2lQGCkHgiZRAKgUAT3u_6WdXdb2Ksp5_xjhq1dcZXQII4EcdfUWG0XUjFvv6_oBnmWl5WZ1FgggAA |
|
login.microsoftonline.com/ | Name: fpc Value: AvCzPRlYF31Lj8UjHEjHBXrou9rHAQAAALoxeNsOAAAA |
|
.login.microsoftonline.com/ | Name: esctx Value: PAQABAAEAAAD--DLA3VO7QrddgJg7WevrkaCsMcwUh4pV9aWgF22HU2RqCP3kyEZOXZ06vpaRUUZuspWkprmUaoJLQNmiD2ACoNEHABVnRgvWXmNO4M7UvhcVET4qwsUqocisEcWwrzNMFyGxqwBGgq2SL43a3MlLz3JAM1jExUiE52WoXPv-gNQuUcSgeDqmzX5xfyKLW08gAA |
|
.login.microsoftonline.com/ | Name: brcap Value: 0 |
|
.login.live.com/ | Name: uaid Value: be5576e6045c4855aa331ab8160f96d1 |
|
.login.live.com/ | Name: MSPRequ Value: id=N<=1676032698&co=1 |
|
autologon.microsoftazuread-sso.com/ | Name: fpc Value: Agh8sIFIJrlKpcRq3MFiJ9A |
|
autologon.microsoftazuread-sso.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
autologon.microsoftazuread-sso.com/ | Name: stsservicecookie Value: estsfd |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
autologon.microsoftazuread-sso.com
browser.events.data.microsoft.com
fonts.googleapis.com
fonts.gstatic.com
login.live.com
login.microsoftonline.com
vpn2.riterug.com
20.190.159.70
204.148.166.54
2603:1026:3000:148::c
2620:1ec:4f:1::44
2a00:1450:400d:808::2003
2a00:1450:400d:80d::200a
40.126.31.70
51.105.71.137
003ab203aa11cb3ff3da2225f34413d8b77842d2b4597f4b9349d67dab7a0a0d
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e2ef54a0f3644ed15e5b535dd3a30b94ba2cbf05631efc41039ae793c8b0efe
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
234b9bab83aa0c52e9e5192995427a2bc44876cf1a11545ed631f369b8dc6534
28fa8f3ba41d8801e3d95e7128f5b2189a4344ebee1a56d4be7a313959f608e1
29922b3646ebbc8135a1005ca89b22a56f9ca39ef8c3d2035c1cdd7a46c9160d
31ea2e887b590c396a150d4e5984d8882184d7ace61d8eaea3d3abafc1c4ac64
330c90249e7b12d89d35a3e324dba128f40898fd059377993aecdcf7db6a9686
34296d6e4e32421d904c0910b9f06d7b3a86016035e3205efa48dea37763d62d
46b33b53d4f6cbbb6da26d936bd553d4fd7b7403b87783ac4508409bd1a0640e
4c7a399887eefe2496902bd0a98c1fdce75f12d2337469c42f189d2fe9161589
5659855e98dc49c819878761676832d4a907478bd78cb4e807636ad4fe30942a
79af9d6414cc1d900d943eb4e3bfca28338a72e0931ebfd6f93dcc0d7a6abcd2
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
985542ee18f193f619ad086af621079626310abc7f6bf5dd7eef8c6e2abd6096
9fe0a5db692ff67c7cd88490a7412c379ae767708e2cf8847d9a915dd6f19141
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
bb302584429797c9594e86f1a8c4e65d8f13b94570b62e2172016fb0f1e84821
c974a0be091a8f09353472bbb41cb939e48a6796f6d0cf95686a7b4d73aa8490
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74c9fa250e78a29be1d98c38343bf215bd4ea33ad21bd076c89524faee37086