![](/screenshots/4431d00a-5480-49d8-8755-f1e125fc6d15.png)
login.microsoftonline.com
Open in
urlscan Pro
40.126.32.74
Public Scan
Effective URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On November 13 via api from IT — Scanned from CH
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 25th 2023. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.98.179.120 52.98.179.120 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 2 | 52.98.253.98 52.98.253.98 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
4 | 40.126.32.74 40.126.32.74 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
11 | 152.199.23.37 152.199.23.37 | 15133 (EDGECAST) (EDGECAST) | |
7 | 23.38.98.83 23.38.98.83 | () () | |
1 | 13.107.213.44 13.107.213.44 | () () | |
1 | 20.190.159.73 20.190.159.73 | () () | |
25 | 6 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
autodiscover.dedagroup.ch |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office365.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com | |
login.live.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 1018 |
312 KB |
9 |
office365.com
1 redirects
outlook.office365.com — Cisco Umbrella Rank: 45 r4.res.office365.com |
694 KB |
3 |
microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 19 |
28 KB |
1 |
microsoftazuread-sso.com
autologon.microsoftazuread-sso.com |
1 KB |
1 |
msftauthimages.net
aadcdn.msftauthimages.net |
8 KB |
1 |
live.com
login.live.com — Cisco Umbrella Rank: 77 |
|
1 |
dedagroup.ch
1 redirects
autodiscover.dedagroup.ch |
545 B |
25 | 7 |
Domain | Requested by | |
---|---|---|
11 | aadcdn.msftauth.net |
login.microsoftonline.com
aadcdn.msftauth.net |
7 | r4.res.office365.com |
outlook.office365.com
|
3 | login.microsoftonline.com |
aadcdn.msftauth.net
|
2 | outlook.office365.com |
1 redirects
aadcdn.msftauth.net
|
1 | autologon.microsoftazuread-sso.com | |
1 | aadcdn.msftauthimages.net | |
1 | login.live.com |
login.microsoftonline.com
|
1 | autodiscover.dedagroup.ch | 1 redirects |
25 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA |
2023-08-25 - 2024-08-25 |
a year | crt.sh |
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2023-01-31 - 2024-01-31 |
a year | crt.sh |
login.live.com DigiCert SHA2 Secure Server CA |
2023-11-11 - 2024-11-11 |
a year | crt.sh |
outlook.com DigiCert Cloud Services CA-1 |
2023-10-31 - 2024-10-30 |
a year | crt.sh |
*.res.outlook.com DigiCert SHA2 Secure Server CA |
2023-04-17 - 2024-04-17 |
a year | crt.sh |
aadcdn.msftauthimages.net Microsoft Azure RSA TLS Issuing CA 07 |
2023-09-02 - 2024-08-27 |
a year | crt.sh |
autologon.microsoftazuread-sso.com DigiCert SHA2 Secure Server CA |
2023-07-04 - 2024-07-04 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=cc213cfa-81b6-c629-3cdb-e5c7749d276f&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=dedagroup.ch&nonce=638354853929597849.c14a4cca-741d-4cec-88c6-3ecdae14db2b&state=DctBDoIwEEDRVu9C3BQsndLpgniWYWaCJJiaKnh9u3h_960x5tpcGntvMWkKGCJgDHnMMSeE3LMHAmZyCbw4YGWHyJMLykLqQZZxse29DeVHw6Mq7a9ZVGit5Xj3_OxOmen4Ftk-XE6tfw&sso_reload=true
Frame ID: E41A0B65A5A484807A6A6DDACC49AFB6
Requests: 17 HTTP requests in this frame
Frame:
https://outlook.office365.com/owa/prefetch.aspx
Frame ID: 1DBB0D551088CFF1DE6E6C261F0228AF
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/4431d00a-5480-49d8-8755-f1e125fc6d15.png)
Page Title
Bei Outlook anmeldenPage URL History Show full URLs
-
http://autodiscover.dedagroup.ch/
HTTP 301
https://outlook.office365.com/owa/?realm=dedagroup.ch&vd=autodiscover HTTP 302
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL
- https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://autodiscover.dedagroup.ch/
HTTP 301
https://outlook.office365.com/owa/?realm=dedagroup.ch&vd=autodiscover HTTP 302
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=cc213cfa-81b6-c629-3cdb-e5c7749d276f&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=dedagroup.ch&nonce=638354853929597849.c14a4cca-741d-4cec-88c6-3ecdae14db2b&state=DctBDoIwEEDRVu9C3BQsndLpgniWYWaCJJiaKnh9u3h_960x5tpcGntvMWkKGCJgDHnMMSeE3LMHAmZyCbw4YGWHyJMLykLqQZZxse29DeVHw6Mq7a9ZVGit5Xj3_OxOmen4Ftk-XE6tfw Page URL
- https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=cc213cfa-81b6-c629-3cdb-e5c7749d276f&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=dedagroup.ch&nonce=638354853929597849.c14a4cca-741d-4cec-88c6-3ecdae14db2b&state=DctBDoIwEEDRVu9C3BQsndLpgniWYWaCJJiaKnh9u3h_960x5tpcGntvMWkKGCJgDHnMMSeE3LMHAmZyCbw4YGWHyJMLykLqQZZxse29DeVHw6Mq7a9ZVGit5Xj3_OxOmen4Ftk-XE6tfw&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://autodiscover.dedagroup.ch/ HTTP 301
- https://outlook.office365.com/owa/?realm=dedagroup.ch&vd=autodiscover HTTP 302
- https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=cc213cfa-81b6-c629-3cdb-e5c7749d276f&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=dedagroup.ch&nonce=638354853929597849.c14a4cca-741d-4cec-88c6-3ecdae14db2b&state=DctBDoIwEEDRVu9C3BQsndLpgniWYWaCJJiaKnh9u3h_960x5tpcGntvMWkKGCJgDHnMMSeE3LMHAmZyCbw4YGWHyJMLykLqQZZxse29DeVHw6Mq7a9ZVGit5Xj3_OxOmen4Ftk-XE6tfw
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
authorize
login.microsoftonline.com/common/oauth2/ Redirect Chain
|
20 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BssoInterrupt_Core_SuZwfHH8gwlE7gQ2a715Zg2.js
aadcdn.msftauth.net/shared/1.0/content/js/ |
136 KB 48 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.microsoftonline.com/common/oauth2/ |
39 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
109 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_o-ZZReABRa0UshwWo2BEBw2.js
aadcdn.msftauth.net/shared/1.0/content/js/ |
420 KB 115 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-de.min_g7u9c2x6y83hp3xuhnq1dq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
58 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneDs_f2e0f4a029670f10d892.js
aadcdn.msftauth.net/shared/1.0/content/js/ |
186 KB 60 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pcustomizationloader_44b450e8d543eb53930d.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ |
153 KB 34 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
prefetch.aspx
outlook.office365.com/owa/ Frame 1DBB |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pfetchsessionsprogress_7eee75fddc0da0f12778.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
aadcdn.msftauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
aadcdn.msftauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/15.20.6977.29/scripts/ Frame 1DBB |
648 KB 176 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bannerlogo
aadcdn.msftauthimages.net/c1c6b6c8-x9isavbxks2sp-l1vyk2kkclp76bts1un37ooxzsvg0/logintenantbranding/0/ |
7 KB 8 KB |
Image
image/* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
aadcdn.msftauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
aadcdn.msftauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ssoprobe
autologon.microsoftazuread-sso.com/dedagroup.ch/winauth/ |
12 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/15.20.6977.29/scripts/ Frame 1DBB |
644 KB 160 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/15.20.6977.29/scripts/ Frame 1DBB |
647 KB 166 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/15.20.6977.29/scripts/ Frame 1DBB |
645 KB 142 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite1.mouse.png
r4.res.office365.com/owa/prem/15.20.6977.29/resources/images/0/ Frame 1DBB |
132 B 327 B |
Stylesheet
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
dssostatus
login.microsoftonline.com/common/instrumentation/ |
265 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite1.mouse.css
r4.res.office365.com/owa/prem/15.20.6977.29/resources/images/0/ Frame 1DBB |
994 B 503 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.mouse.css
r4.res.office365.com/owa/prem/15.20.6977.29/resources/styles/0/ Frame 1DBB |
227 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| documentPictureInPicture object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __17 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
outlook.office365.com/ | Name: ClientId Value: 7759E14E82E74E81A960F1370DAB4A17 |
|
outlook.office365.com/ | Name: OIDC Value: 1 |
|
outlook.office365.com/ | Name: domainName Value: dedagroup.ch |
|
outlook.office365.com/ | Name: OpenIdConnect.nonce.v3.mWywn01x0eXm69EZbS0VAG-z6ZZuPIh_JocnWHSM1kU Value: 638354853929597849.c14a4cca-741d-4cec-88c6-3ecdae14db2b |
|
outlook.office365.com/ | Name: X-OWA-RedirectHistory Value: ArLym14BmbsehVvk2wg |
|
login.microsoftonline.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.microsoftonline.com/ | Name: stsservicecookie Value: estsfd |
|
.login.microsoftonline.com/ | Name: AADSSO Value: NA|NoExtension |
|
login.microsoftonline.com/ | Name: SSOCOOKIEPULLED Value: 1 |
|
login.microsoftonline.com/ | Name: buid Value: 0.AXsAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-2zCibg2qqgjcZjtaWfnD9o0KzwZWmzCNo_11jpg3_7lMz9xNpBQahcBNTUOovm18pJHcXQSB-8qkU7finy7_es35zJXtHVmFjNK9cc68OY8gAA |
|
.login.microsoftonline.com/ | Name: esctx Value: PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-hnE9OJAV1o3-Kvj0St_a0IBK7OwGW9jRqyewu1EbkrmZvI9U1Y2tJiI7hYNV8IpFeTauMSTaFfRO0jPO3mbEkGhVbK9HRufSObbfD3SFuo6Kon6_F8Wluu4WJ0taUzjaL7QCDbQBR-uXjpv-ky7Wfs1Ah0reXKEmxPmHPAgbgfMgAA |
|
.login.microsoftonline.com/ | Name: esctx-bXmE9rLF028 Value: AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-n0tb6uqtXE0vj8VsEkn5mIi2xdw3PBovHPZVUbVWQ91t1d9KpfiuL7HB21Rrb4FCp5i_U5pxGG1xjnMOuaQB_g9L0YXT4wJMmLMLc3C_NXH92wuetxfSajkONHm13Z7UK1W4FyK6y6kzlnIMVZuDfSAA |
|
login.microsoftonline.com/ | Name: fpc Value: ArA-cjsNw-9NugTEVeYVPaaerOTJAQAAANI05NwOAAAA |
|
.login.live.com/ | Name: uaid Value: 8d8eae2cf3204117b64c76b1e8948a8f |
|
.login.live.com/ | Name: MSPRequ Value: id=N<=1699888595&co=1 |
|
login.microsoftonline.com/ | Name: MicrosoftApplicationsTelemetryDeviceId Value: 2f012688-7470-40d9-8aa3-6c0bd457ef9a |
|
.login.microsoftonline.com/ | Name: brcap Value: 0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
aadcdn.msftauthimages.net
autodiscover.dedagroup.ch
autologon.microsoftazuread-sso.com
login.live.com
login.microsoftonline.com
outlook.office365.com
r4.res.office365.com
13.107.213.44
152.199.23.37
20.190.159.73
23.38.98.83
40.126.32.74
52.98.179.120
52.98.253.98
1a0ea89ae667420caeae29d594d53258e6ed157dab7e8dfe6f154f0054b0cf99
1b1ab2c780bb6b78c2c42268f91e64e299b85bb7bea0b1158eaa7bd99018dc03
1f90c3543f5b76b8295a8d298dbce301d9c379027c128b47fda21e002638107f
3670c19182b07c1e3690f23281570abf658517de218e12c534caa7a4e3e6decd
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
4027579f15834b1c1d57235d08fd2efa25c2e11095881e9e66df2549e5aa3438
58fa5e4a247076c76b9683f01fdf108f54ff88fda4221b2de376eb96d1f2ba2a
5f5adbc771d02801fb69961683d3ee1f50b7e9c8a66dc3f3cc86263a3f995c0d
6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
7800b81af455ea27630d9e4e0bd530426e446e912d478a2653c58f1ab7e62052
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
954ca1cc229daa74bda398b3a9bf1f240387dbf0489f94fc699b1fb3d33ff36b
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
cecffb45d9043982cbfd063c5cc363aec88ba9e538244cbd9b4fd53fb4efc4f6
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d092237fff7ec586a7b6397f0498438190b844b6dcb2e19a879a9ea97602ac49
d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f
e800b7c46fd8f2af26157503c78caf00bc78f70b1b4be399c3030c83d16093f7
f8a1364e581a6d7f3017785bc22c4f30514dc2d1257c5f9fa061e6c2c3d4291c
fcb536b5c96681e6f2a531edd7591b6f42f1712d4c7d1d9962362c4aa534e6a5