adfs4eu.sts.altareturn.com
Open in
urlscan Pro
137.116.215.151
Public Scan
Effective URL: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn...
Submission: On March 21 via api from US — Scanned from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 8th 2024. Valid for: a year.
This is the only time adfs4eu.sts.altareturn.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 11 | 13.80.175.149 13.80.175.149 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 137.116.215.151 137.116.215.151 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
4 | 20.38.101.132 20.38.101.132 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
13 | 3 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
praesidium.altareturn.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
adfs4eu.sts.altareturn.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
usadfspublic.blob.core.windows.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
altareturn.com
4 redirects
praesidium.altareturn.com adfs4eu.sts.altareturn.com |
88 KB |
4 |
windows.net
usadfspublic.blob.core.windows.net |
4 KB |
13 | 2 |
Domain | Requested by | |
---|---|---|
11 | praesidium.altareturn.com |
4 redirects
adfs4eu.sts.altareturn.com
praesidium.altareturn.com |
4 | usadfspublic.blob.core.windows.net |
adfs4eu.sts.altareturn.com
|
2 | adfs4eu.sts.altareturn.com |
adfs4eu.sts.altareturn.com
|
13 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
pwrecover.altareturn.com |
www.allvuesystems.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.sts.altareturn.com Go Daddy Secure Certificate Authority - G2 |
2024-03-08 - 2025-04-09 |
a year | crt.sh |
*.altareturn.com Go Daddy Secure Certificate Authority - G2 |
2024-03-16 - 2025-04-16 |
a year | crt.sh |
*.blob.core.windows.net Microsoft Azure TLS Issuing CA 06 |
2024-02-15 - 2024-06-27 |
4 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
Frame ID: 4DA75894C8877B116566955EFADD5A40
Requests: 9 HTTP requests in this frame
Frame:
https://praesidium.altareturn.com/_layouts/CRMPortalInteraction/Pages/XDomain.html
Frame ID: CDB5B000069B57D412597B0364A4BFE7
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
Sign InPage URL History Show full URLs
-
https://praesidium.altareturn.com/
HTTP 302
https://praesidium.altareturn.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
https://praesidium.altareturn.com/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%... HTTP 302
https://praesidium.altareturn.com/_trust/default.aspx?trust=SAML&ReturnUrl=%2f_layouts%2f15%2fAuthenticate.asp... HTTP 302
https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fp... Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Forgot your password?
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://praesidium.altareturn.com/
HTTP 302
https://praesidium.altareturn.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
https://praesidium.altareturn.com/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F HTTP 302
https://praesidium.altareturn.com/_trust/default.aspx?trust=SAML&ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F HTTP 302
https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
ls
adfs4eu.sts.altareturn.com/adfs/ Redirect Chain
|
41 KB 41 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
adfs4eu.sts.altareturn.com/adfs/portal/css/ |
8 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
xdomain.js
praesidium.altareturn.com/_layouts/CrmPortalInteraction/Scripts/ |
30 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
praesidium.css
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ |
0 0 |
Stylesheet
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
praesidium.js
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ |
0 0 |
Script
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
allvue_logo_big.png
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
allvue_logo_small_black.png
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
XDomain.html
praesidium.altareturn.com/_layouts/CRMPortalInteraction/Pages/ Frame CDB5 |
467 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
xdomain.js
praesidium.altareturn.com/_layouts/15/CrmPortalInteraction/Scripts/ Frame CDB5 |
30 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
GetLoginRecords
praesidium.altareturn.com/_layouts/CBALogin/LoginIP_enus.aspx/ Frame CDB5 |
5 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Praesidium_Logo.png
praesidium.altareturn.com/_layouts/images/CBALogin/ |
0 503 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loginPageSettings.txt
praesidium.altareturn.com/Style%20Library/Images/ Frame CDB5 |
303 B 2 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
praesidium-logo_340x60.png
praesidium.altareturn.com/Style%20Library/Images/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login string| domain string| blobPath string| LoginFirstTimeUser string| LoginResetPasswordUrl undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration function| $ function| ifElementExists function| getQueryVariable string| portalHostName string| portalHost object| img object| btnSignInDisabled function| checkForValidInputs undefined| receiveMMMessage undefined| iframe undefined| btn object| linkText object| span object| a function| toggleFormVisibility function| getLoginRecords function| applyPortalConfigurationFile function| getClientsBackgroundSettings function| setClientsBackground undefined| firsttime_link undefined| forgot_link object| loadingDiv number| count number| countMaximum number| xdomain_interval function| mobileAndTabletCheck object| xhook function| xdomain2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
praesidium.altareturn.com/ | Name: mobile Value: 0 |
|
praesidium.altareturn.com/ | Name: TS0168937d Value: 01320c471b25fdfbc7ee05754c0e809589afc967eecf9ceb325aec35c8db9ab2818740baf57a1fc379b12d572e371ef25c6e87deb3cce4fae18e16457da1d31f926df4a3450db283b3a795311860bbcefefa97864c |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors *.altareturn.com *.allvuecloud.com |
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adfs4eu.sts.altareturn.com
praesidium.altareturn.com
usadfspublic.blob.core.windows.net
13.80.175.149
137.116.215.151
20.38.101.132
118b378233ea9ff0233efbf2fca449b11d9a49718c482e47b057106fe0f4566f
5c720edede7a94d6aba08c87b3c8b356438de52e433b33dc9ea7d290207868ab
5e924c69ab042c0aae8c650decb4def5a328f9d00d08f96d4b8670420e01c0bc
7ef93b1639c40ff8669514c8e9bec3b50e66842c543b59dcde28c9082c06ed6d
8a42ba08111d5cd2cdfad7b0955cfb110e051a9ef182df88ebe29a278fa7c9ef
b4012e15e7612a5a5dd67ea437f62d2886d057eb4b413013127e2867f126e433
b401c2262b9249c8b89e8b1c00e1ea50459c381243fef8acef2fc5d48e9da193
d745cddeac4692b29a4b941acf7455a34d2237e5301507b7626773d88ba79255
dc97de0973bb5e64b69b52bfc88d1a3efbee7efa621fde292927632e068e82d5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855