login.microsoftonline.us Open in urlscan Pro
20.140.232.137 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://gov.teams.microsoft.us/
Effective URL:
https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3c...
Submission Tags: @phishunt_io
Submission: On March 19 via api (March 19th 2022, 1:17:59 am UTC) from DE — Scanned from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 9 HTTP transactions. The main IP is 20.140.232.137, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.us. The Cisco Umbrella rank of the primary domain is 9116.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on January 11th 2022. Valid for: a year.

This is the only time login.microsoftonline.us was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	52.127.88.164 52.127.88.164	8070 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	40.126.26.134 40.126.26.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	20.140.232.137 20.140.232.137	8070 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.190.151.134 20.190.151.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	5

3 52.127.88.164 (San Antonio, United States)

ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

gov.teams.microsoft.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.126.26.134 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.140.232.137 (Boydton, United States)

ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.151.134 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	microsoftonline.us login.microsoftonline.us — Cisco Umbrella Rank: 9116	106 KB
3	microsoft.us gov.teams.microsoft.us — Cisco Umbrella Rank: 9979	84 KB
1	live.com login.live.com — Cisco Umbrella Rank: 76
1	microsoftonline.com login.microsoftonline.com — Cisco Umbrella Rank: 28	2 KB
0	msftauth.net Failed aadcdn.msftauth.net Failed
9	5

	Domain	Requested by
3	login.microsoftonline.us	gov.teams.microsoft.us login.microsoftonline.us
3	gov.teams.microsoft.us	gov.teams.microsoft.us
1	login.live.com	login.microsoftonline.us
1	login.microsoftonline.com	gov.teams.microsoft.us
0	aadcdn.msftauth.net Failed	login.microsoftonline.us
9	5

This site contains no links.

Subject Issuer	Validity	Valid
gcc.teams.microsoft.com DigiCert SHA2 Secure Server CA	`2021-06-02` - `2022-06-02`	a year	crt.sh
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2022-02-17` - `2023-02-17`	a year	crt.sh
login.microsoftonline.us DigiCert SHA2 Secure Server CA	`2022-01-11` - `2023-01-11`	a year	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2022-02-15` - `2023-02-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment&sso_reload=true
Frame ID: BA1C33D367E7DEA244BEF3899E64EA8F
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://gov.teams.microsoft.us/ Page URL
https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20pr... Page URL
https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20pr... Page URL

Page Statistics

9
Requests

89 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

192 kB
Transfer

621 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://gov.teams.microsoft.us/ Page URL
https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment Page URL
https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
gov.teams.microsoft.us/ 277 KB
84 KB 921ms
103ms Document
text/html 52.127.88.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://gov.teams.microsoft.us/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.127.88.164 San Antonio, United States, ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

bee988f149f5135b77e9f7ff486286d5002f6dcdd657b0f7a5faec5de5cccaa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

cache-control: no-store, no-transform, must-revalidate, no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: Fri, 18 Mar 2022 01:17:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-ring-info: web: general [assigned], mt: general [assigned]
x-auth-info: msal_dev1 / assigned
x-robots-tag: noindex
x-ua-compatible: IE=Edge;chrome=1
requestid: |a78c3a40b3a42f4ca3427b8f41b618cf.763d17527465ee4a.
x-content-type-options: nosniff
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 48B385D7088941638CE0DF59ED620D7E Ref B: snr5a1-fdv2-86b76bf59-wm4zt Ref C: 2022-03-19T01:17:45Z
date: Sat, 19 Mar 2022 01:17:45 GMT

GET
H2 200 mark Show response
gov.teams.microsoft.us/auth/ 0
178 B 99ms
99ms XHR
text/plain 52.127.88.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://gov.teams.microsoft.us/auth/mark?area=start

Requested by

Host: gov.teams.microsoft.us
URL: https://gov.teams.microsoft.us/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.127.88.164 San Antonio, United States, ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://gov.teams.microsoft.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=2592000
x-content-type-options: nosniff
x-ring-info: web: general [assigned], mt: general [assigned]
date: Sat, 19 Mar 2022 01:17:45 GMT
requestid: |21f43ca6302a824ba7cfa3849b491587.ef05ae74b590cd4a.
x-frame-options: SAMEORIGIN
x-cache: CONFIG_NOCACHE
cache-control: no-store,no-cache
x-msedge-ref: Ref A: 5300527A1FD349908147CDBF01CF90E5 Ref B: snr5a1-fdv2-86b76bf59-wm4zt Ref C: 2022-03-19T01:17:45Z
timing-allow-origin: *
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 mark Show response
gov.teams.microsoft.us/auth/ 0
150 B 100ms
100ms XHR
text/plain 52.127.88.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://gov.teams.microsoft.us/auth/mark?area=prelogin

Requested by

Host: gov.teams.microsoft.us
URL: https://gov.teams.microsoft.us/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.127.88.164 San Antonio, United States, ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://gov.teams.microsoft.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=2592000
x-content-type-options: nosniff
x-ring-info: web: general [assigned], mt: general [assigned]
date: Sat, 19 Mar 2022 01:17:45 GMT
requestid: |5b23966faa926a469abf99710c910e94.7fda378e757de444.
x-frame-options: SAMEORIGIN
x-cache: CONFIG_NOCACHE
cache-control: no-store,no-cache
x-msedge-ref: Ref A: 462C48BD8CA94C53BAA4316764076863 Ref B: snr5a1-fdv2-86b76bf59-wm4zt Ref C: 2022-03-19T01:17:45Z
timing-allow-origin: *
content-length: 0
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK instance Show response
login.microsoftonline.com/common//discovery/ 956 B
2 KB 511ms
143ms XHR
application/json 40.126.26.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/common//discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize

Requested by

Host: gov.teams.microsoft.us
URL: https://gov.teams.microsoft.us/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.126.26.134 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c3469643b7cf3f6a61344fbf1fc8b1ce46ff04abba65dea2e961fe4923f40cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://gov.teams.microsoft.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Date: Sat, 19 Mar 2022 01:17:45 GMT
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin: *
x-ms-request-id: 6a8e1ca2-c7c7-44fb-98ba-c412a4475800
Cache-Control: max-age=86400, private
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}
x-ms-ests-server: 2.1.12529.19 - SCUS ProdSlices
Content-Type: application/json; charset=utf-8
Content-Length: 956
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK openid-configuration
login.microsoftonline.us/organizations/v2.0/.well-known/ 2 KB
3 KB 261ms
52ms XHR
application/json 20.140.232.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.us/organizations/v2.0/.well-known/openid-configuration

Requested by

Host: gov.teams.microsoft.us
URL: https://gov.teams.microsoft.us/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.140.232.137 Boydton, United States, ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://gov.teams.microsoft.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Date: Sat, 19 Mar 2022 01:17:46 GMT
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin: *
x-ms-request-id: 2bdaa389-8fc0-4bc1-a962-60814cea0b00
Cache-Control: max-age=86400, private
x-ms-ests-server: 2.1.12559.10 - BNO1 ProdSlices
Content-Type: application/json; charset=utf-8
Content-Length: 1589
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK authorize Show response
login.microsoftonline.us/organizations/oauth2/v2.0/ 149 KB
54 KB 258ms
115ms Document
text/html 20.140.232.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment

Requested by

Host: gov.teams.microsoft.us
URL: https://gov.teams.microsoft.us/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.140.232.137 Boydton, United States, ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1ba3b04346a7d3ba35186262a939c085175453a739190baa6db3e166e1c706bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://gov.teams.microsoft.us/

Response headers

Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 436c6261-9e80-44db-8eb4-87fa7a401d00
x-ms-ests-server: 2.1.12559.10 - BNO1 ProdSlices
x-ms-clitelem: 1,50168,0,,
Referrer-Policy: strict-origin-when-cross-origin
Date: Sat, 19 Mar 2022 01:17:45 GMT
Content-Length: 54409

GET
H/1.1 200
OK Primary Request authorize Show response
login.microsoftonline.us/organizations/oauth2/v2.0/ 192 KB
49 KB 105ms
105ms Document
text/html 20.140.232.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: login.microsoftonline.us
URL: https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.140.232.137 Boydton, United States, ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

d3bafeb059473ed3c48b93c7ac0b0434937cd7213775610ccedd342f65c577e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment

Response headers

Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: ca63c4f5-1501-4c4a-a8ee-84c9ffbc1000
x-ms-ests-server: 2.1.12559.10 - BNO1 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
Date: Sat, 19 Mar 2022 01:17:46 GMT
Content-Length: 48929

GET
H/1.1 200
OK Me.htm
login.live.com/ 0
0 254ms
50ms Other
text/html 20.190.151.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://login.live.com/Me.htm?v=3
Requested by: Host: login.microsoftonline.us
URL: https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment&sso_reload=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.190.151.134 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://login.microsoftonline.us/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET ConvergedLogin_PCore_7oxafaTECp7DfuB7RFGkfg2.js
aadcdn.msftauth.net/shared/1.0/content/js/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_7oxafaTECp7DfuB7RFGkfg2.js

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gov.teams.microsoft.us/	1970-01-20 01:48:04	Name: TSAUTHCOOKIE Value:
login.microsoftonline.us/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: 001
login.microsoftonline.us/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsusgov
.login.microsoftonline.us/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login.microsoftonline.us/	1970-01-20 01:40:52	Name: SSOCOOKIEPULLED Value: 1
login.microsoftonline.us/	1970-01-20 02:24:04	Name: buid Value: 0.AAAAMe_N-B6jSkuT5F9XHpElWsDmPF4fK4VCjUt17nh4c0YBAAA.AQABAAEAAgBXxJ9NxOLiQKGXj-vdb8BdFPftuUPem6h1gWjw7WsmAURnzaWiX4Ek-PdJnfUOtyv4dWvqry0IExgh7pO-2uaHimrfHDZFQG6crs3d5YMtnWbEz5aygqzjfj_aMaQe9KAgAA
login.microsoftonline.us/	1970-01-20 02:24:04	Name: fpc Value: AhsS3lJPZ1VCgZ0g9Fohtn181bJ8AQAAADkmx9kOAAAA
.login.microsoftonline.us/	1969-12-31 23:59:59	Name: esctx Value: AQABAAAAAgBXxJ9NxOLiQKGXj-vdb8BdnF2tDziYC8HUUpMykR8QHwAkPqU2Ha3f57-wjYue0crjG5X892dp8HTsXGacuOS0AzEPi3zFm3qaffIWcs1hQcPxRbaDj3VNmjVFK46ilE0mycMJH_HRAMDRrf_ADpOPZnsWkDT63u3lBfrVpIRVYo5EaU5oh5_sUcqcbOM708YgAA
.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: f378a64f822f4f03ad7203050273fc7d
.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1647652666&co=1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
gov.teams.microsoft.us
login.live.com
login.microsoftonline.com
login.microsoftonline.us
aadcdn.msftauth.net
20.140.232.137
20.190.151.134
40.126.26.134
52.127.88.164
1ba3b04346a7d3ba35186262a939c085175453a739190baa6db3e166e1c706bd
bee988f149f5135b77e9f7ff486286d5002f6dcdd657b0f7a5faec5de5cccaa5
c3469643b7cf3f6a61344fbf1fc8b1ce46ff04abba65dea2e961fe4923f40cb8
d3bafeb059473ed3c48b93c7ac0b0434937cd7213775610ccedd342f65c577e3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

login.microsoftonline.us Open in urlscan Pro 20.140.232.137 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

9 Requests

89 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

1 Countries

192 kBTransfer

621 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

10 Cookies

Security Headers

Indicators

login.microsoftonline.us Open in urlscan Pro
20.140.232.137 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

192 kB
Transfer

621 kB
Size

10
Cookies

9 HTTP transactions
0 data transactions