adfs4eu.sts.altareturn.com Open in urlscan Pro
137.116.215.151 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://praesidium.altareturn.com/
Effective URL:
https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn...
Submission: On March 21 via api (March 21st 2024, 5:13:57 pm UTC) from US — Scanned from US

Summary HTTP 13 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 137.116.215.151, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is adfs4eu.sts.altareturn.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on March 8th 2024. Valid for: a year.

This is the only time adfs4eu.sts.altareturn.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 11	13.80.175.149 13.80.175.149	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	137.116.215.151 137.116.215.151	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	20.38.101.132 20.38.101.132	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
13	3

11 13.80.175.149 (Amsterdam, Netherlands) 4 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

praesidium.altareturn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 137.116.215.151 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

adfs4eu.sts.altareturn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.38.101.132 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

usadfspublic.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	altareturn.com 4 redirects praesidium.altareturn.com adfs4eu.sts.altareturn.com	88 KB
4	windows.net usadfspublic.blob.core.windows.net	4 KB
13	2

	Domain	Requested by
11	praesidium.altareturn.com	4 redirects adfs4eu.sts.altareturn.com praesidium.altareturn.com
4	usadfspublic.blob.core.windows.net	adfs4eu.sts.altareturn.com
2	adfs4eu.sts.altareturn.com	adfs4eu.sts.altareturn.com
13	3

This site contains links to these domains. Also see Links.

Domain
pwrecover.altareturn.com
www.allvuesystems.com

Subject Issuer	Validity	Valid
*.sts.altareturn.com Go Daddy Secure Certificate Authority - G2	`2024-03-08` - `2025-04-09`	a year	crt.sh
*.altareturn.com Go Daddy Secure Certificate Authority - G2	`2024-03-16` - `2025-04-16`	a year	crt.sh
*.blob.core.windows.net Microsoft Azure TLS Issuing CA 06	`2024-02-15` - `2024-06-27`	4 months	crt.sh

This page contains 2 frames:

Primary Page: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
Frame ID: 4DA75894C8877B116566955EFADD5A40
Requests: 9 HTTP requests in this frame

Frame: https://praesidium.altareturn.com/_layouts/CRMPortalInteraction/Pages/XDomain.html
Frame ID: CDB5B000069B57D412597B0364A4BFE7
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Page URL History Show full URLs

https://praesidium.altareturn.com/ HTTP 302
https://praesidium.altareturn.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
https://praesidium.altareturn.com/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%... HTTP 302
https://praesidium.altareturn.com/_trust/default.aspx?trust=SAML&ReturnUrl=%2f_layouts%2f15%2fAuthenticate.asp... HTTP 302
https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fp... Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

89 kB
Transfer

128 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://pwrecover.altareturn.com/request20.aspx?y=P013I&portalURL=https%3A%2F%2Fpraesidium.altareturn.com
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: http://www.allvuesystems.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://praesidium.altareturn.com/ HTTP 302
https://praesidium.altareturn.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
https://praesidium.altareturn.com/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F HTTP 302
https://praesidium.altareturn.com/_trust/default.aspx?trust=SAML&ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F HTTP 302
https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request ls Show response
adfs4eu.sts.altareturn.com/adfs/
Redirect Chain

https://praesidium.altareturn.com/
https://praesidium.altareturn.com/_layouts/15/Authenticate.aspx?Source=%2F
https://praesidium.altareturn.com/_login/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F
https://praesidium.altareturn.com/_trust/default.aspx?trust=SAML&ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=%2F
https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F

41 KB
41 KB

496ms
148ms

Document
text/html

137.116.215.151
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

137.116.215.151 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

7ef93b1639c40ff8669514c8e9bec3b50e66842c543b59dcde28c9082c06ed6d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-cache,no-store
Content-Length: 41579
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
Content-Type: text/html; charset=utf-8
Date: Thu, 21 Mar 2024 17:13:52 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
X-Frame-Options: DENY

Redirect headers

Cache-Control: private, no-store
Content-Length: 313
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
Content-Type: text/html; charset=utf-8
Location: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Referrer-Policy: origin
SPIisLatency: 0
SPRequestDuration: 173
SPRequestGuid: e14217a1-fb4f-d005-0417-2b29ba68b432
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Security-Policy: default-src self
X-Content-Type-Options: nosniff nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-SharePointHealthScore: 0
X-XSS-Protection: 1; mode=block
request-id: e14217a1-fb4f-d005-0417-2b29ba68b432

GET
H/1.1 200
OK style.css
adfs4eu.sts.altareturn.com/adfs/portal/css/ 8 KB
9 KB 219ms
115ms Stylesheet
text/css 137.116.215.151
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://adfs4eu.sts.altareturn.com/adfs/portal/css/style.css?id=C3B479A1B9F337DB2A39B7BD8C409ABA0D6C5E5775895D8F89B5D432D8575240

Requested by

Host: adfs4eu.sts.altareturn.com
URL: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

137.116.215.151 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

d745cddeac4692b29a4b941acf7455a34d2237e5301507b7626773d88ba79255

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com

Request headers

accept-language: en-US,en;q=0.9
Referer: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
Date: Thu, 21 Mar 2024 17:13:52 GMT
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag: C3B479A1B9F337DB2A39B7BD8C409ABA0D6C5E5775895D8F89B5D432D8575240
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Access-Control-Allow-Credentials: true
Content-Length: 8609
Expires: Sat, 20 Apr 2024 17:13:53 GMT

GET
H/1.1 200
OK xdomain.js Show response
praesidium.altareturn.com/_layouts/CrmPortalInteraction/Scripts/ 30 KB
9 KB 141ms
140ms Script
application/javascript 13.80.175.149
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://praesidium.altareturn.com/_layouts/CrmPortalInteraction/Scripts/xdomain.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.80.175.149 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5c720edede7a94d6aba08c87b3c8b356438de52e433b33dc9ea7d290207868ab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
Public-Key-Pins	pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Security-Policy	default-src self
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://adfs4eu.sts.altareturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
Content-Length: 8066
X-XSS-Protection: 1; mode=block
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
X-MS-InvokeApp: 1; RequireReadOnly
Referrer-Policy: origin
Last-Modified: Wed, 24 May 2023 09:26:18 GMT
ETag: "0994ccb218ed91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Content-Security-Policy: default-src self

GET
H/1.1 404
The specified blob does not exist. praesidium.css
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ 0
0 182ms
45ms Stylesheet
application/xml 20.38.101.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://usadfspublic.blob.core.windows.net/adfs4loginpageresource/praesidium.css
Requested by: Host: adfs4eu.sts.altareturn.com
URL: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.38.101.132 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://adfs4eu.sts.altareturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-request-id: c83bbaba-201e-0025-0db3-7b4a49000000
Date: Thu, 21 Mar 2024 17:13:52 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 404
The specified blob does not exist. praesidium.js
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ 0
0 183ms
44ms Script
application/xml 20.38.101.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://usadfspublic.blob.core.windows.net/adfs4loginpageresource/praesidium.js
Requested by: Host: adfs4eu.sts.altareturn.com
URL: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.38.101.132 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer: https://adfs4eu.sts.altareturn.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-ms-request-id: dfffb827-b01e-00ce-0bb3-7bb4b5000000
Date: Thu, 21 Mar 2024 17:13:53 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK allvue_logo_big.png
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ 2 KB
2 KB 183ms
45ms Image
image/png 20.38.101.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usadfspublic.blob.core.windows.net/adfs4loginpageresource/allvue_logo_big.png
Requested by: Host: adfs4eu.sts.altareturn.com
URL: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.38.101.132 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 118b378233ea9ff0233efbf2fca449b11d9a49718c482e47b057106fe0f4566f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://adfs4eu.sts.altareturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 21 Mar 2024 17:13:52 GMT
Last-Modified: Wed, 04 Mar 2020 15:11:17 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D7C04E49FA857E
Content-Type: image/png
x-ms-request-id: 45ec49cc-e01e-00dd-29b3-7b8154000000
x-ms-version: 2009-09-19
Content-Length: 2123

GET
H/1.1 200
OK allvue_logo_small_black.png
usadfspublic.blob.core.windows.net/adfs4loginpageresource/ 1 KB
2 KB 185ms
45ms Image
image/png 20.38.101.132
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usadfspublic.blob.core.windows.net/adfs4loginpageresource/allvue_logo_small_black.png
Requested by: Host: adfs4eu.sts.altareturn.com
URL: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.38.101.132 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: dc97de0973bb5e64b69b52bfc88d1a3efbee7efa621fde292927632e068e82d5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://adfs4eu.sts.altareturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 21 Mar 2024 17:13:52 GMT
Last-Modified: Mon, 09 Aug 2021 09:21:39 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: QehpeHr3mQasubQPwwSSTw==
ETag: 0x8D95B1718220C2B
Content-Type: image/png
x-ms-request-id: 71663a29-c01e-00c1-34b3-7b5943000000
x-ms-version: 2009-09-19
Content-Length: 1364

GET
H/1.1 200
OK XDomain.html Show response
praesidium.altareturn.com/_layouts/CRMPortalInteraction/Pages/ Frame CDB5 467 B
1 KB 294ms
293ms Document
text/html 13.80.175.149
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://praesidium.altareturn.com/_layouts/CRMPortalInteraction/Pages/XDomain.html

Requested by

Host: praesidium.altareturn.com
URL: https://praesidium.altareturn.com/_layouts/CrmPortalInteraction/Scripts/xdomain.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.80.175.149 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b4012e15e7612a5a5dd67ea437f62d2886d057eb4b413013127e2867f126e433

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
Public-Key-Pins	pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Security-Policy	default-src self
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://adfs4eu.sts.altareturn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 443
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
Content-Type: text/html
ETag: "e58a56cb218ed91:0"
Last-Modified: Wed, 24 May 2023 09:26:18 GMT
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Referrer-Policy: origin
SPIisLatency: 0
SPRequestDuration: 177
SPRequestGuid: e14217a1-eb9c-d005-0417-2d5203e5ef89
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Accept-Encoding
X-Content-Security-Policy: default-src self
X-Content-Type-Options: nosniff nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-SharePointHealthScore: 0
X-XSS-Protection: 1; mode=block
request-id: e14217a1-eb9c-d005-0417-2d5203e5ef89

GET
H/1.1 200
OK xdomain.js Show response
praesidium.altareturn.com/_layouts/15/CrmPortalInteraction/Scripts/ Frame CDB5 30 KB
9 KB 139ms
139ms Script
application/javascript 13.80.175.149
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://praesidium.altareturn.com/_layouts/15/CrmPortalInteraction/Scripts/xdomain.js

Requested by

Host: praesidium.altareturn.com
URL: https://praesidium.altareturn.com/_layouts/CRMPortalInteraction/Pages/XDomain.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.80.175.149 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5c720edede7a94d6aba08c87b3c8b356438de52e433b33dc9ea7d290207868ab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
Public-Key-Pins	pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Security-Policy	default-src self
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://praesidium.altareturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
Content-Length: 8066
X-XSS-Protection: 1; mode=block
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
X-MS-InvokeApp: 1; RequireReadOnly
Referrer-Policy: origin
Last-Modified: Wed, 24 May 2023 09:26:18 GMT
ETag: "0994ccb218ed91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Content-Security-Policy: default-src self

POST
H/1.1 200
OK GetLoginRecords Show response
praesidium.altareturn.com/_layouts/CBALogin/LoginIP_enus.aspx/ Frame CDB5 5 KB
2 KB 542ms
541ms XHR
application/json 13.80.175.149
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://praesidium.altareturn.com/_layouts/CBALogin/LoginIP_enus.aspx/GetLoginRecords

Requested by

Host: praesidium.altareturn.com
URL: https://praesidium.altareturn.com/_layouts/15/CrmPortalInteraction/Scripts/xdomain.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.80.175.149 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b401c2262b9249c8b89e8b1c00e1ea50459c381243fef8acef2fc5d48e9da193

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
Public-Key-Pins	pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Security-Policy	default-src self
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://praesidium.altareturn.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/json

Response headers

Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
X-SharePointHealthScore: 0
request-id: e14217a1-6bbd-d005-0417-2df2a5d1b92f
Content-Length: 1792
X-XSS-Protection: 1; mode=block
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
X-MS-InvokeApp: 1; RequireReadOnly
Referrer-Policy: origin
SPRequestGuid: e14217a1-6bbd-d005-0417-2df2a5d1b92f
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Cache-Control: private, max-age=0
X-Content-Security-Policy: default-src self

GET
H/1.1 404
Not Found Praesidium_Logo.png
praesidium.altareturn.com/_layouts/images/CBALogin/ 0
503 B 144ms
143ms Image
text/plain 13.80.175.149
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://praesidium.altareturn.com/_layouts/images/CBALogin/Praesidium_Logo.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.80.175.149 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
Public-Key-Pins	pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Security-Policy	default-src self
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://adfs4eu.sts.altareturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; includeSubDomains
X-MS-InvokeApp: 1; RequireReadOnly
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
Referrer-Policy: origin
Content-Length: 0
X-XSS-Protection: 1; mode=block
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
X-Content-Security-Policy: default-src self

GET
H/1.1 200
OK loginPageSettings.txt Show response
praesidium.altareturn.com/Style%20Library/Images/ Frame CDB5 303 B
2 KB 466ms
322ms XHR
text/plain 13.80.175.149
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://praesidium.altareturn.com/Style%20Library/Images/loginPageSettings.txt?mobile=0

Requested by

Host: praesidium.altareturn.com
URL: https://praesidium.altareturn.com/_layouts/15/CrmPortalInteraction/Scripts/xdomain.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.80.175.149 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e924c69ab042c0aae8c650decb4def5a328f9d00d08f96d4b8670420e01c0bc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
Public-Key-Pins	pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Security-Policy	default-src self
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://praesidium.altareturn.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/json

Response headers

X-Content-Security-Policy: default-src self
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
SPIisLatency: 0
X-SharePointHealthScore: 0
ResourceTag: rt:E8337275-7286-4609-BD36-9DDEFA1C2821@00000000006
Public-Extension: http://schemas.microsoft.com/repl-2
request-id: e14217a1-9be8-d005-0417-2363621b4828
Content-Length: 304
X-XSS-Protection: 1; mode=block
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 205
Referrer-Policy: origin
Last-Modified: Mon, 04 Sep 2023 14:17:20 GMT
SPRequestGuid: e14217a1-9be8-d005-0417-2363621b4828
ETag: "{E8337275-7286-4609-BD36-9DDEFA1C2821},6"
Vary: Accept-Encoding
Content-Type: text/plain
Cache-Control: private,max-age=0
Accept-Ranges: bytes
Expires: Wed, 06 Mar 2024 17:13:54 GMT

GET
H/1.1 200
OK praesidium-logo_340x60.png
praesidium.altareturn.com/Style%20Library/Images/ 11 KB
12 KB 154ms
154ms Image
image/png 13.80.175.149
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://praesidium.altareturn.com/Style%20Library/Images/praesidium-logo_340x60.png?mobile=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.80.175.149 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8a42ba08111d5cd2cdfad7b0955cfb110e051a9ef182df88ebe29a278fa7c9ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
Public-Key-Pins	pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Security-Policy	default-src self
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://adfs4eu.sts.altareturn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

X-Content-Security-Policy: default-src self
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Security-Policy: frame-ancestors *.altareturn.com *.allvuecloud.com
X-Content-Type-Options: nosniff, nosniff
SPIisLatency: 0
X-SharePointHealthScore: 0
ResourceTag: rt:558D656F-F568-42B6-9228-071255805344@00000000002
Public-Extension: http://schemas.microsoft.com/repl-2
request-id: e14217a1-3bfd-d005-0417-249b4b1bdc1e
Content-Length: 11327
X-XSS-Protection: 1; mode=block
Public-Key-Pins: pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 34
Referrer-Policy: origin
Last-Modified: Mon, 04 Sep 2023 14:17:19 GMT
SPRequestGuid: e14217a1-3bfd-d005-0417-249b4b1bdc1e
ETag: "{558D656F-F568-42B6-9228-071255805344},2"
Content-Type: image/png
Cache-Control: private,max-age=0
Accept-Ranges: bytes
Expires: Wed, 06 Mar 2024 17:13:54 GMT

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			praesidium.altareturn.com/	1969-12-31 23:59:59	Name: mobile Value: 0
			praesidium.altareturn.com/	1969-12-31 23:59:59	Name: TS0168937d Value: 01320c471b25fdfbc7ee05754c0e809589afc967eecf9ceb325aec35c8db9ab2818740baf57a1fc379b12d572e371ef25c6e87deb3cce4fae18e16457da1d31f926df4a3450db283b3a795311860bbcefefa97864c

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://adfs4eu.sts.altareturn.com/adfs/ls?wa=wsignin1.0&wtrealm=urn%3aportal%3apraesidium&wctx=https%3a%2f%2fpraesidium.altareturn.com%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F(Line 988) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://usadfspublic.blob.core.windows.net/adfs4loginpageresource/praesidium.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://usadfspublic.blob.core.windows.net/adfs4loginpageresource/praesidium.css Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://usadfspublic.blob.core.windows.net/adfs4loginpageresource/praesidium.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://praesidium.altareturn.com/_layouts/images/CBALogin/Praesidium_Logo.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors .altareturn.com .allvuecloud.com
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adfs4eu.sts.altareturn.com
praesidium.altareturn.com
usadfspublic.blob.core.windows.net
13.80.175.149
137.116.215.151
20.38.101.132
118b378233ea9ff0233efbf2fca449b11d9a49718c482e47b057106fe0f4566f
5c720edede7a94d6aba08c87b3c8b356438de52e433b33dc9ea7d290207868ab
5e924c69ab042c0aae8c650decb4def5a328f9d00d08f96d4b8670420e01c0bc
7ef93b1639c40ff8669514c8e9bec3b50e66842c543b59dcde28c9082c06ed6d
8a42ba08111d5cd2cdfad7b0955cfb110e051a9ef182df88ebe29a278fa7c9ef
b4012e15e7612a5a5dd67ea437f62d2886d057eb4b413013127e2867f126e433
b401c2262b9249c8b89e8b1c00e1ea50459c381243fef8acef2fc5d48e9da193
d745cddeac4692b29a4b941acf7455a34d2237e5301507b7626773d88ba79255
dc97de0973bb5e64b69b52bfc88d1a3efbee7efa621fde292927632e068e82d5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

adfs4eu.sts.altareturn.com Open in urlscan Pro 137.116.215.151 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

89 kBTransfer

128 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

2 Cookies

4 Console Messages

Security Headers

Indicators

adfs4eu.sts.altareturn.com Open in urlscan Pro
137.116.215.151 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

89 kB
Transfer

128 kB
Size

2
Cookies

13 HTTP transactions
0 data transactions