Submitted URL: http://ib.adnxs.com/getuid?http%3A%2F%2Fbapenda.bulungan.go.id%2Fumcheck%3Fapnxid%5C=%24UID&redirect%5C=https%3A%2F%...
Effective URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission Tags: falconsandbox
Submission: On October 26 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 5 countries across 7 domains to perform 7 HTTP transactions. The main IP is 20.190.160.17, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 22.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 24th 2022. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 37.252.173.27 29990 (ASN-APPNEX)
1 103.131.61.194 138126 (IDNIC-NEW...)
1 3 188.166.228.69 14061 (DIGITALOC...)
2 2 2603:1026:c0d... 8075 (MICROSOFT...)
3 20.190.160.17 8075 (MICROSOFT...)
1 2620:1ec:46::60 8068 (MICROSOFT...)
7 4
Apex Domain | Subdomains | Transfer
3 patheditasia.com | securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com | 23 KB
3 adnxs.com | ib.adnxs.com — Cisco Umbrella Rank: 232 | 4 KB
2 microsoftonline.com | login.microsoftonline.com — Cisco Umbrella Rank: 22 | 106 KB
2 office.com | outlook.office.com — Cisco Umbrella Rank: 68 | 3 KB
1 msauth.net | aadcdn.msauth.net — Cisco Umbrella Rank: 1182 |
1 live.com | login.live.com — Cisco Umbrella Rank: 94 |
1 bulungan.go.id | bapenda.bulungan.go.id | 930 B
7 7
Domain Requested by
3 securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com 1 redirects bapenda.bulungan.go.id
securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com
3 ib.adnxs.com 3 redirects
2 login.microsoftonline.com securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com
login.microsoftonline.com
2 outlook.office.com 2 redirects
1 aadcdn.msauth.net login.microsoftonline.com
1 login.live.com login.microsoftonline.com
1 bapenda.bulungan.go.id
7 7

This site contains no links.

Subject | Issuer | Validity | Valid
patheditasia.com | R3 | 2022-10-26 - 2023-01-24 | 3 months
stamp2.login.microsoftonline.com | DigiCert SHA2 Secure Server CA | 2022-08-24 - 2023-08-24 | a year
graph.windows.net | DigiCert SHA2 Secure Server CA | 2022-10-10 - 2023-10-10 | a year
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2022-08-23 - 2023-08-23 | a year

This page contains 1 frames:

Primary Page: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH&sso_reload=true
Frame ID: F03DE16F319B4F1AC4D9038EED643C51
Requests: 7 HTTP requests in this frame

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 33 %
Domains: 7
Subdomains: 7
IPs: 4
Countries: 5
Transfer: 130 kB
Size: 600 kB
Cookies: 16

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ib.adnxs.com/getuid?http%3A%2F%2Fbapenda.bulungan.go.id%2Fumcheck%3Fapnxid%5C=%24UID&redirect%5C=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Demx_eb%26google_hm%3DNTE1NTE2NjYzMzY4NjU1NzcxOThmMQ%3D%3D&b64_redirect%5C=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0%5C%3D&ssp%5C=google_ob%23kvaynshteyn%40gellerco.com HTTP 307
    https://ib.adnxs.com/sbounce?%2Fgetuid%3Fhttp%253A%252F%252Fbapenda.bulungan.go.id%252Fumcheck%253Fapnxid%255C%3D%2524UID%26redirect%255C%3Dhttps%253A%252F%252Fcm.g.doubleclick.net%252Fpixel%253Fgoogle_nid%253Demx_eb%2526google_hm%253DNTE1NTE2NjYzMzY4NjU1NzcxOThmMQ%253D%253D%26b64_redirect%255C%3DaHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0%255C%253D%26ssp%255C%3Dgoogle_ob%2523kvaynshteyn%2540gellerco.com HTTP 307
    https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253Fhttp%25253A%25252F%25252Fbapenda.bulungan.go.id%25252Fumcheck%25253Fapnxid%25255C%253D%252524UID%2526redirect%25255C%253Dhttps%25253A%25252F%25252Fcm.g.doubleclick.net%25252Fpixel%25253Fgoogle_nid%25253Demx_eb%252526google_hm%25253DNTE1NTE2NjYzMzY4NjU1NzcxOThmMQ%25253D%25253D%2526b64_redirect%25255C%253DaHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0%25255C%25253D%2526ssp%25255C%253Dgoogle_ob%252523kvaynshteyn%252540gellerco.com HTTP 302
    http://bapenda.bulungan.go.id/umcheck?apnxid\=8227609675977878077&redirect\=https://cm.g.doubleclick.net/pixel?google_nid=emx_eb&google_hm=NTE1NTE2NjYzMzY4NjU1NzcxOThmMQ==&b64_redirect\=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0\=&ssp\=google_ob Page URL
  2. https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com Page URL
  3. https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com HTTP 302
    https://outlook.office.com/ HTTP 302
    https://outlook.office.com/owa/ HTTP 302
    https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH Page URL
  4. https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ib.adnxs.com/getuid?http%3A%2F%2Fbapenda.bulungan.go.id%2Fumcheck%3Fapnxid%5C=%24UID&redirect%5C=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Demx_eb%26google_hm%3DNTE1NTE2NjYzMzY4NjU1NzcxOThmMQ%3D%3D&b64_redirect%5C=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0%5C%3D&ssp%5C=google_ob%23kvaynshteyn%40gellerco.com HTTP 307
  • https://ib.adnxs.com/sbounce?%2Fgetuid%3Fhttp%253A%252F%252Fbapenda.bulungan.go.id%252Fumcheck%253Fapnxid%255C%3D%2524UID%26redirect%255C%3Dhttps%253A%252F%252Fcm.g.doubleclick.net%252Fpixel%253Fgoogle_nid%253Demx_eb%2526google_hm%253DNTE1NTE2NjYzMzY4NjU1NzcxOThmMQ%253D%253D%26b64_redirect%255C%3DaHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0%255C%253D%26ssp%255C%3Dgoogle_ob%2523kvaynshteyn%2540gellerco.com HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253Fhttp%25253A%25252F%25252Fbapenda.bulungan.go.id%25252Fumcheck%25253Fapnxid%25255C%253D%252524UID%2526redirect%25255C%253Dhttps%25253A%25252F%25252Fcm.g.doubleclick.net%25252Fpixel%25253Fgoogle_nid%25253Demx_eb%252526google_hm%25253DNTE1NTE2NjYzMzY4NjU1NzcxOThmMQ%25253D%25253D%2526b64_redirect%25255C%253DaHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0%25255C%25253D%2526ssp%25255C%253Dgoogle_ob%252523kvaynshteyn%252540gellerco.com HTTP 302
  • http://bapenda.bulungan.go.id/umcheck?apnxid\=8227609675977878077&redirect\=https://cm.g.doubleclick.net/pixel?google_nid=emx_eb&google_hm=NTE1NTE2NjYzMzY4NjU1NzcxOThmMQ==&b64_redirect\=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0\=&ssp\=google_ob
Request Chain 3
  • https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com HTTP 302
  • https://outlook.office.com/ HTTP 302
  • https://outlook.office.com/owa/ HTTP 302
  • https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
umcheck
bapenda.bulungan.go.id/
Redirect Chain
  • http://ib.adnxs.com/getuid?http%3A%2F%2Fbapenda.bulungan.go.id%2Fumcheck%3Fapnxid%5C=%24UID&redirect%5C=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Demx_eb%26google_hm%3DNTE1NTE2NjYzMz...
  • https://ib.adnxs.com/sbounce?%2Fgetuid%3Fhttp%253A%252F%252Fbapenda.bulungan.go.id%252Fumcheck%253Fapnxid%255C%3D%2524UID%26redirect%255C%3Dhttps%253A%252F%252Fcm.g.doubleclick.net%252Fpixel%253Fgo...
  • https://ib.adnxs.com/bounce?%2Fsbounce%3F%252Fgetuid%253Fhttp%25253A%25252F%25252Fbapenda.bulungan.go.id%25252Fumcheck%25253Fapnxid%25255C%253D%252524UID%2526redirect%25255C%253Dhttps%25253A%25252F...
  • http://bapenda.bulungan.go.id/umcheck?apnxid\=8227609675977878077&redirect\=https://cm.g.doubleclick.net/pixel?google_nid=emx_eb&google_hm=NTE1NTE2NjYzMzY4NjU1NzcxOThmMQ==&b64_redirect\=aHR0cHM6Ly9...
467 B
930 B
Document
General
Full URL
http://bapenda.bulungan.go.id/umcheck?apnxid\=8227609675977878077&redirect\=https://cm.g.doubleclick.net/pixel?google_nid=emx_eb&google_hm=NTE1NTE2NjYzMzY4NjU1NzcxOThmMQ==&b64_redirect\=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0\=&ssp\=google_ob
Protocol
HTTP/1.1
Server
103.131.61.194 , Indonesia, ASN138126 (IDNIC-NEWTON-AS-ID PT. NEWTON CIPTA INFORMATIKA, ID),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 26 Oct 2022 22:11:39 GMT
Expires
Wed, 11 Jan 1984 05:00:00 GMT
Keep-Alive
timeout=5, max=100
Link
<https://bapenda.bulungan.go.id/index.php/wp-json/>; rel="https://api.w.org/"
Server
Apache
Transfer-Encoding
chunked

Redirect headers

AN-X-Request-Uuid
ccbf4c57-62aa-46a1-a6d3-622ff542f10c
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Wed, 26 Oct 2022 22:11:38 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
http://bapenda.bulungan.go.id/umcheck?apnxid\=8227609675977878077&redirect\=https://cm.g.doubleclick.net/pixel?google_nid=emx_eb&google_hm=NTE1NTE2NjYzMzY4NjU1NzcxOThmMQ==&b64_redirect\=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0\=&ssp\=google_ob#kvaynshteyn@gellerco.com
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
81.95.5.36; 81.95.5.36; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection
0
/
securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/
58 KB
22 KB
Document
General
Full URL
https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com
Requested by
Host: bapenda.bulungan.go.id
URL: http://bapenda.bulungan.go.id/umcheck?apnxid\=8227609675977878077&redirect\=https://cm.g.doubleclick.net/pixel?google_nid=emx_eb&google_hm=NTE1NTE2NjYzMzY4NjU1NzcxOThmMQ==&b64_redirect\=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0\=&ssp\=google_ob
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.166.228.69 Singapore, Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
1dff573b2459dba9223e5b846103c3008c4cd865c540530d1cdb77d9def1720e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://bapenda.bulungan.go.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 26 Oct 2022 22:11:41 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
/
securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/
25 B
397 B
Fetch
General
Full URL
https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com
Requested by
Host: securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com
URL: https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.166.228.69 Singapore, Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
d6f7d41ab3ade667a96a0c28242919d97ed7e18db8c9492e9a1bcb39f49675c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 26 Oct 2022 22:11:42 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/json
authorize
login.microsoftonline.com/common/oauth2/
Redirect Chain
  • https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com
  • https://outlook.office.com/
  • https://outlook.office.com/owa/
  • https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-0000...
151 KB
55 KB
Document
General
Full URL
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH
Requested by
Host: securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com
URL: https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.17 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityandpasswwordserverlogin-microsoftonlineauthenticator.patheditasia.com/?username=kvaynshteyn@gellerco.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
54989
Content-Type
text/html; charset=utf-8
Date
Wed, 26 Oct 2022 22:11:43 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.13943.8 - NEULR1 ProdSlices
x-ms-request-id
67823084-7181-4167-9ebf-bba499b80000

Redirect headers

alt-svc
h3=":443",h3-29=":443"
content-length
783
content-type
text/html; charset=utf-8
date
Wed, 26 Oct 2022 22:11:43 GMT
location
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH
nel
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
report-to
{"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=HHN"}],"include_subdomains":true}
request-id
3e0084e8-5d63-ac98-fc4a-cd02611db881
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-backend-begin
2022-10-26T22:11:43.706
x-backend-end
2022-10-26T22:11:43.706
x-backendhttpstatus
302
x-beserver
FR0P281MB2333
x-besku
WCS6
x-calculatedbetarget
FR0P281MB2333.DEUP281.PROD.OUTLOOK.COM
x-content-type-options
nosniff
x-diaginfo
FR0P281MB2333
x-feefzinfo
HHN
x-feproxyinfo
FR3P281CA0126.DEUP281.PROD.OUTLOOK.COM
x-feserver
FR3P281CA0126
x-firsthopcafeefz
HHN
x-iids
0
x-owa-diagnosticsinfo
2;0;0
x-proxy-backendserverstatus
302
x-proxy-routingcorrectness
1
x-rum-validated
1
x-ua-compatible
IE=EmulateIE7
Primary Request authorize
login.microsoftonline.com/common/oauth2/
197 KB
52 KB
Document
General
Full URL
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH&sso_reload=true
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.17 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e1a5280ff068109b1cc2e520356ceda90d4bf0fe9a53302751763b28a53a6a0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
50846
Content-Type
text/html; charset=utf-8
Date
Wed, 26 Oct 2022 22:11:43 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
on
X-Frame-Options
DENY
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.13943.8 - NEULR2 ProdSlices
x-ms-request-id
93e08c7a-931b-4c2a-b6ed-0b79a5d92a00
Me.htm
login.live.com/
0
0
Other
General
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH&sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.17 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

ConvergedLogin_PCore_jYUeSkXxwVig6Qts6N_uTQ2.js
aadcdn.msauth.net/shared/1.0/content/js/
193 KB
0
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_jYUeSkXxwVig6Qts6N_uTQ2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=3e0084e8-5d63-ac98-fc4a-cd02611db881&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301&state=DcsxEoAgDAXRoONxIoGfBDgOI0Nr6fVN8bbbRERnOEKSCDVHl6plFEETN5N-Y7flaxrrfiqraeeJBl4L2Bg-ICXFe-X3m_kH&sso_reload=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::60 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 26 Oct 2022 22:11:43 GMT
content-encoding
gzip
content-md5
w4sHEIV96wBNg0phpHiTOg==
x-cache
TCP_HIT
content-length
111723
x-ms-lease-status
unlocked
last-modified
Wed, 21 Sep 2022 02:24:27 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DA9B786859AA7D
x-azure-ref
0oLBZYwAAAABKu5Y27FtqSIiZXbxlJBmoQU1TMDRFREdFMTkyMgAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
37600508-b01e-002c-470d-e85259000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData

16 Cookies

Domain/Path Name / Value
.adnxs.com/ Name: uuid2
Value: 8227609675977878077
bapenda.bulungan.go.id/ Name: __wpdm_client
Value: d0c22af950119778ecc2ca448fa200d6
.patheditasia.com/ Name: 3x9pLE
Value: "NGYzYzllNzgtY2QwNC00ZTliLWFkZGEtNjgzYWFlYmM5ZDI5OmJmYjRiZWI4LWQ0NTUtNDcwNy1hNTk3LTdmYThhNTlhYjQ0NQ=="
outlook.office.com/ Name: ClientId
Value: 77D4E6CC97AE4E258086334398918EA7
outlook.office.com/ Name: OIDC
Value: 1
outlook.office.com/ Name: OpenIdConnect.nonce.v3.kNwIeSUY_rK17dSiMZtOwy5jQ-pGA9NraVAQNxiHdZw
Value: 638024191037065508.3f7d6da5-4fc2-4548-a373-dd33f3969301
outlook.office.com/ Name: X-OWA-RedirectHistory
Value: ArLym14BJMneEJ-32gg
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com/ Name: SSOCOOKIEPULLED
Value: 1
login.microsoftonline.com/ Name: buid
Value: 0.ATwAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrUY7c8eKNHCFNLgcMOQ7jpC_LCw1vVZm9XYqcDIQWG--BKfOkO-ZhAK9cnE6Hs1sNgjbno0zvzFcKTLxLT78Uj_fib6tGRuao9s3vCRAgrWMgAA
login.microsoftonline.com/ Name: fpc
Value: Ai6bTsd0OfBDqoRJ_nf49ICerOTJAQAAAJ-n69oOAAAA
.login.microsoftonline.com/ Name: esctx
Value: AQABAAAAAAD--DLA3VO7QrddgJg7WevrRnFw4OjiAmnjqxoa9dv_w6f5d2fyoFKDugNG5g4roZQRVtHLGxSPB20cYNUreAlBxiuLlossAdSN4Doz0f8z_4p8NZvvmLe-_FJsu575K7JX2Mu1o5kmVpznMQ_0Xkf8gm1LuoeeNWij5zbBxdzO9U8jAsNqo6LHyVlE1HXGD9M0AiiSb0RiFP6r1u6pQkR3YyU-9THKUBX3TWLcoHFiCk6G_yLDNZX7CNkoFGCsLtwgAA
.login.live.com/ Name: uaid
Value: f5d959e37db9423ba671effedeae3be7
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1666822304&co=1

1 Console Messages

Source Level URL
Text
network error URL: http://bapenda.bulungan.go.id/umcheck?apnxid\=8227609675977878077&redirect\=https://cm.g.doubleclick.net/pixel?google_nid=emx_eb&google_hm=NTE1NTE2NjYzMzY4NjU1NzcxOThmMQ==&b64_redirect\=aHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWVteF9lYiZnb29nbGVfaG09TlRFMU5URTJOall6TXpZNE5qVTFOemN4T1RobU1RPT0\=&ssp\=google_ob#kvaynshteyn@gellerco.com
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)