login.microsoftonline.com

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 2 HTTP transactions. The main IP is 20.190.159.72, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 23.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on December 1st 2022. Valid for: a year.

This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2603:1026:301... 2603:1026:301:2a::8	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2603:1026:301... 2603:1026:301:16::2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.190.159.72 20.190.159.72	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2

1 2603:1026:301:2a::8 (Vienna, Austria) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

autodiscover.tpa.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:301:16::2 (Vienna, Austria) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

outlook.office365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.159.72 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	microsoftonline.com login.microsoftonline.com — Cisco Umbrella Rank: 23	55 KB
1	office365.com 1 redirects outlook.office365.com — Cisco Umbrella Rank: 42	7 KB
1	paypal.com 1 redirects autodiscover.tpa.paypal.com	547 B
0	paypalcorp.com Failed sso.paypalcorp.com — Cisco Umbrella Rank: 928311 Failed
2	4

	Domain	Requested by
1	login.microsoftonline.com
1	outlook.office365.com	1 redirects
1	autodiscover.tpa.paypal.com	1 redirects
0	sso.paypalcorp.com Failed	login.microsoftonline.com
2	4

This site contains no links.

Subject Issuer	Validity	Valid
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2022-12-01` - `2023-12-01`	a year	crt.sh

This page contains 1 frames:

Frame: https://sso.paypalcorp.com:444/idp/094ViRvmUq/resume/idp/prp.ping
Frame ID: F196F9A3D1024997C04B62CEEEC51A1F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://autodiscover.tpa.paypal.com/ HTTP 301
https://outlook.office365.com/owa/?realm=tpa.paypal.com&vd=autodiscover HTTP 302
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL

Page Statistics

2
Requests

50 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

2
IPs

3
Countries

55 kB
Transfer

152 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://autodiscover.tpa.paypal.com/ HTTP 301
https://outlook.office365.com/owa/?realm=tpa.paypal.com&vd=autodiscover HTTP 302
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=4925a688-892f-a321-39ee-c359ce8495dd&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=tpa.paypal.com&nonce=638133458374820386.12ed7996-58d0-413a-804b-68cde22c92f2&state=DctBDoMgEEBRqHfpogkIMwjDwvQsU6BJEw1ErY23L4v3d18KIYbu1knTI4JHsohuIgyOwCB5baHkEKNXE2WjnEVWZNxLeUq5AKQIb5D9fYz1x-NzK7ys89FYN74aLzrV9X7mmb9HzZ891bNsfw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=4925a688-892f-a321-39ee-c359ce8495dd&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=tpa.paypal.com&nonce=638133458374820386.12ed7996-58d0-413a-804b-68cde22c92f2&state=DctBDoMgEEBRqHfpogkIMwjDwvQsU6BJEw1ErY23L4v3d18KIYbu1knTI4JHsohuIgyOwCB5baHkEKNXE2WjnEVWZNxLeUq5AKQIb5D9fYz1x-NzK7ys89FYN74aLzrV9X7mmb9HzZ891bNsfw&sso_reload=true HTTP 302
https://sso.paypalcorp.com/idp/eyJ2c2lkIjoicGF5cGFsLmNvbSJ9/prp.wsf?client-request-id=4925a688-892f-a321-39ee-c359ce8495dd&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA02I21DO0UjGAACNdEKlrkJZmqJucCmIhgSIhLoGOZaqe-p2Kiy3fHY481zL17ixGvpKCRL2CxMqCxBy95PzcVYxKGSUlBcVW-vr5pSU5-fnZevlpaZnJqcZmpiB5_fzyRP0djIwXGBlfMDKuYjI3M7YwNDY2MbUwNjexMDIwtjDTMzRKTTG3tDTTNbVIMdA1MTRO1LUwMEnSNbNITkk1Mkq2NEozusXE7-9YWpJhBCLyizKrUj8xcablF-XGF-QXl8xinsToklzi5JLvm-7q6hRU6JFWkJ-e7elbnuVSXhZYHGrm5OVabuhaFGlk7GNSZpxiaOHtGZlUapidF-Jp4uVRnJ9R6ple6V_u7GSalOiR7ertF-FqFJ6V5xoWHuVX4ZMaWmjq6B3omWTqYpkWWWVYoetX5W1eWWxh6RbpZ26S6FNVFGYZYZ6bm2TpURVlYWmY5FecVr6Kmahw3sTMBgyo3Py8U8xs-QWpeZkpF1gYH7AwvmLhMWC24uDgEmCQYFBg-MHCuIgVGCXS_1JWPC3a473TU2ne6u0NDKdY9SuKckrLC7zcglMCApxdLUp8DLzcvIzcKiOqLCv8IiIqI31SPcL9CgLN0_NtLa0MJ7AxTmBj28XGycEswKDE7Bxg-IKN8QMbYwc7wy5OIqLzAjfjAV6GH3wre15c-Hv_2FsPAA2 HTTP 302
https://sso.paypalcorp.com:444/idp/094ViRvmUq/resume/idp/prp.ping

2 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request authorize Show response
login.microsoftonline.com/common/oauth2/
Redirect Chain

http://autodiscover.tpa.paypal.com/
https://outlook.office365.com/owa/?realm=tpa.paypal.com&vd=autodiscover
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-0...

152 KB
55 KB

364ms
141ms

Document
text/html

20.190.159.72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=4925a688-892f-a321-39ee-c359ce8495dd&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=tpa.paypal.com&nonce=638133458374820386.12ed7996-58d0-413a-804b-68cde22c92f2&state=DctBDoMgEEBRqHfpogkIMwjDwvQsU6BJEw1ErY23L4v3d18KIYbu1knTI4JHsohuIgyOwCB5baHkEKNXE2WjnEVWZNxLeUq5AKQIb5D9fYz1x-NzK7ys89FYN74aLzrV9X7mmb9HzZ891bNsfw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.190.159.72 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/

Resource Hash

43a6585379a4243f2ffea4a4570faee2321d7e3710ee1b70cb2ef9067442dfd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 55352
Content-Type: text/html; charset=utf-8
Date: Thu, 02 Mar 2023 09:23:57 GMT
Expires: -1
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub1"}]}
x-ms-ests-server: 2.1.14649.20 - EUS ProdSlices
x-ms-request-id: cb51a8e7-b9ac-4f29-8d3e-08c8c90ce700

Redirect headers

Alt-Svc: h3=":443",h3-29=":443"
Content-Length: 867
Content-Type: text/html; charset=utf-8
Date: Thu, 02 Mar 2023 09:23:56 GMT
Location: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=4925a688-892f-a321-39ee-c359ce8495dd&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=tpa.paypal.com&nonce=638133458374820386.12ed7996-58d0-413a-804b-68cde22c92f2&state=DctBDoMgEEBRqHfpogkIMwjDwvQsU6BJEw1ErY23L4v3d18KIYbu1knTI4JHsohuIgyOwCB5baHkEKNXE2WjnEVWZNxLeUq5AKQIb5D9fYz1x-NzK7ys89FYN74aLzrV9X7mmb9HzZ891bNsfw
NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=VIE"}],"include_subdomains":true}
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-BEServer: VI1PR07MB5279
X-BackEnd-Begin: 2023-03-02T09:23:57.482
X-BackEnd-End: 2023-03-02T09:23:57.482
X-BackEndHttpStatus: 302
X-BeSku: WCS5
X-CalculatedBETarget: VI1PR07MB5279.eurprd07.PROD.OUTLOOK.COM
X-Content-Type-Options: nosniff
X-DiagInfo: VI1PR07MB5279
X-FEEFZInfo: VIE
X-FEProxyInfo: VI1PR07CA0130.EURPRD07.PROD.OUTLOOK.COM
X-FEServer: VI1PR07CA0130
X-FirstHopCafeEFZ: VIE
X-IIDs: 0
X-OWA-DiagnosticsInfo: 2;0;0
X-Proxy-BackendServerStatus: 302
X-Proxy-RoutingCorrectness: 1
X-RUM-NotUpdateQueriedDbCopy: 1
X-RUM-NotUpdateQueriedPath: 1
X-RUM-Validated: 1
X-UA-Compatible: IE=EmulateIE7
request-id: 4925a688-892f-a321-39ee-c359ce8495dd

GET

prp.ping
sso.paypalcorp.com/idp/094ViRvmUq/resume/idp/
Redirect Chain

https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-0...
https://sso.paypalcorp.com/idp/eyJ2c2lkIjoicGF5cGFsLmNvbSJ9/prp.wsf?client-request-id=4925a688-892f-a321-39ee-c359ce8495dd&username=&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=es...
https://sso.paypalcorp.com:444/idp/094ViRvmUq/resume/idp/prp.ping

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sso.paypalcorp.com
URL: https://sso.paypalcorp.com:444/idp/094ViRvmUq/resume/idp/prp.ping

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
outlook.office365.com/	1970-01-20 18:49:31	Name: ClientId Value: ADAAFAE6D86F477AB2682E2A77E4CB75
outlook.office365.com/	1970-01-20 14:27:26	Name: OIDC Value: 1
outlook.office365.com/	1969-12-31 23:59:59	Name: domainName Value: tpa.paypal.com
outlook.office365.com/	1970-01-20 10:02:32	Name: OpenIdConnect.nonce.v3.6aldvFrh8TIn1BpbOrwts0GicxxBT-Xp0s1oXnmHGOo Value: 638133458374820386.12ed7996-58d0-413a-804b-68cde22c92f2
outlook.office365.com/	1970-01-20 10:02:50	Name: X-OWA-RedirectHistory Value: ArLym14BIgK52f8a2wg
login.microsoftonline.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
login.microsoftonline.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login.microsoftonline.com/	1970-01-20 10:02:29	Name: SSOCOOKIEPULLED Value: 1
login.microsoftonline.com/	1970-01-20 10:45:41	Name: buid Value: 0.AQ0AMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrCa_f64RjLqEWtVxtvSmmLGTZ55ssfkcCWkG4L4XQ8kgNzyy56wm3BDccPSJLdV5rjVgEYJkTF4qF8meFsGaG9uVxaRhZcIjvyA3BDihCEPUgAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: ESTSWCTXFLOWTOKEN Value: AQABAAEAAAD--DLA3VO7QrddgJg7WevrnXuD4qPmg_RkAjozrxq89GDD_Yk_gVsQaoOuPYjoNu8sZkoSnid1xg7ExsvtX6yZ9DjrY0sdUQr3WbNh_e_g81o_T3-P-nfqbpH7pGje4yzndpp9-1SPtJIAxtUrD2FkFUs8mw6xERg91Nb-ebVZ56qRfNNUFgG_V3wurDRp1pVn-IfTfmCdXQZ4oM2JkvWepfpO0UKCqJzeHmTkxVxHiITQi9l5QXLy1fyns4Lx39ElTFEZprlfcIZx_cVDBiGoXjzrn1maLrT4bfHPwW1NksGNqs8k-dC1OKeYjL-0YQ81PA6MjmRXzinHphC3Bk3Uus3WudvK6G7VOq4Fzo9CHXVeCRmL2xSiBonGo7tbUjtbzdLxqn-CxT5ikk3D6kRIug46VIG97JqB1Crazz4VMq-n_AqCd3aYn6D2v-P4hV2HwO8P3Ipm8RWGpnNY2x8yYoD1gEPKKefb9dldrcX_uJrAIYv-04AUNuiaGdCKDSPBLqDkXN4iLQENv_2ysNjtjyzn_ko2GSg-BVyJsYmYkx_EZZJ2BO_VgJfOEuHGsM7_qJ-YD5-CWU6kgimKz7vaIAA
login.microsoftonline.com/	1970-01-20 10:45:41	Name: fpc Value: AuFpBo9XZ2VIsGUNNvxMLEGerOTJAQAAAC1iktsOAAAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: esctx Value: PAQABAAEAAAD--DLA3VO7QrddgJg7WevrijKnGK3nfbQjCkGKQTlcBCCwPLL-Q159frpOPaRSiXJbhjmOL06c4YlJAvqqIXC_KwMNl8ZJLYWSJVuNESHTdexm3QFlx63jzwA4hf0mqZSTsXWuS69dIPdCsnxAPrTUbs5p97nfKbdV7ayMPALbXvp0bhnV8wFBDaw0deDRyKEgAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: cltm Value: CgAQABoAIgQIDBAF
sso.paypalcorp.com/	1970-01-20 10:12:33	Name: PF Value: FkXBGkIk9KA65NXTtLMAcd
sso.paypalcorp.com/	1970-01-20 10:02:29	Name: pp-ssoprod-stickyw Value: 3036077578.47873.0000
sso.paypalcorp.com/	1969-12-31 23:59:59	Name: TS01b10454 Value: 01c23221cb5ca739f8587c203a90443fd5d1b2a1dd00c9263fb4c69dc825ae743025e754d7eda9d1f268550ccfef135f4b424e0985b9f1614262edc4706d0fa16b7975e9a8525a0d38b715dd94ed96fb4b20061970

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

autodiscover.tpa.paypal.com
login.microsoftonline.com
outlook.office365.com
sso.paypalcorp.com
sso.paypalcorp.com
20.190.159.72
2603:1026:301:16::2
2603:1026:301:2a::8
43a6585379a4243f2ffea4a4570faee2321d7e3710ee1b70cb2ef9067442dfd1

login.microsoftonline.com Open in urlscan Pro 20.190.159.72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

2 Requests

50 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

2 IPs

3 Countries

55 kBTransfer

152 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

17 Cookies

Security Headers

Indicators

login.microsoftonline.com Open in urlscan Pro
20.190.159.72 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

2
IPs

3
Countries

55 kB
Transfer

152 kB
Size

17
Cookies

2 HTTP transactions
0 data transactions