login.microsoftonline.us
Open in
urlscan Pro
20.140.232.137
Public Scan
Effective URL: https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3c...
Submission Tags: @phishunt_io
Submission: On March 19 via api from DE — Scanned from US
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on January 11th 2022. Valid for: a year.
This is the only time login.microsoftonline.us was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 52.127.88.164 52.127.88.164 | 8070 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 40.126.26.134 40.126.26.134 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
3 | 20.140.232.137 20.140.232.137 | 8070 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 20.190.151.134 20.190.151.134 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
9 | 5 |
ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
gov.teams.microsoft.us |
ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.us |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
microsoftonline.us
login.microsoftonline.us — Cisco Umbrella Rank: 9116 |
106 KB |
3 |
microsoft.us
gov.teams.microsoft.us — Cisco Umbrella Rank: 9979 |
84 KB |
1 |
live.com
login.live.com — Cisco Umbrella Rank: 76 |
|
1 |
microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 28 |
2 KB |
0 |
msftauth.net
Failed
aadcdn.msftauth.net Failed |
|
9 | 5 |
Domain | Requested by | |
---|---|---|
3 | login.microsoftonline.us |
gov.teams.microsoft.us
login.microsoftonline.us |
3 | gov.teams.microsoft.us |
gov.teams.microsoft.us
|
1 | login.live.com |
login.microsoftonline.us
|
1 | login.microsoftonline.com |
gov.teams.microsoft.us
|
0 | aadcdn.msftauth.net Failed |
login.microsoftonline.us
|
9 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
gcc.teams.microsoft.com DigiCert SHA2 Secure Server CA |
2021-06-02 - 2022-06-02 |
a year | crt.sh |
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA |
2022-02-17 - 2023-02-17 |
a year | crt.sh |
login.microsoftonline.us DigiCert SHA2 Secure Server CA |
2022-01-11 - 2023-01-11 |
a year | crt.sh |
graph.windows.net DigiCert SHA2 Secure Server CA |
2022-02-15 - 2023-02-15 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment&sso_reload=true
Frame ID: BA1C33D367E7DEA244BEF3899E64EA8F
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://gov.teams.microsoft.us/ Page URL
- https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20pr... Page URL
- https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20pr... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://gov.teams.microsoft.us/ Page URL
- https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment Page URL
- https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fgov.teams.microsoft.us%2Fgo&state=eyJpZCI6ImJmNmRlNGNhLWVlZGItNDMzYS1iNmFlLTRhMTNiNjBmOTRkMSIsInRzIjoxNjQ3NjUyNjY1LCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3D&nonce=8ba85d3d-81f2-4136-b3ee-3ed5db65b47f&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=04ebc641-db98-424c-888b-1359ccaa1623&response_mode=fragment&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
gov.teams.microsoft.us/ |
277 KB 84 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mark
gov.teams.microsoft.us/auth/ |
0 178 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mark
gov.teams.microsoft.us/auth/ |
0 150 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
instance
login.microsoftonline.com/common//discovery/ |
956 B 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
openid-configuration
login.microsoftonline.us/organizations/v2.0/.well-known/ |
2 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authorize
login.microsoftonline.us/organizations/oauth2/v2.0/ |
149 KB 54 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
authorize
login.microsoftonline.us/organizations/oauth2/v2.0/ |
192 KB 49 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
ConvergedLogin_PCore_7oxafaTECp7DfuB7RFGkfg2.js
aadcdn.msftauth.net/shared/1.0/content/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- aadcdn.msftauth.net
- URL
- https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_7oxafaTECp7DfuB7RFGkfg2.js
Verdicts & Comments Add Verdict or Comment
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
gov.teams.microsoft.us/ | Name: TSAUTHCOOKIE Value: |
|
login.microsoftonline.us/ | Name: x-ms-gateway-slice Value: 001 |
|
login.microsoftonline.us/ | Name: stsservicecookie Value: estsusgov |
|
.login.microsoftonline.us/ | Name: AADSSO Value: NA|NoExtension |
|
login.microsoftonline.us/ | Name: SSOCOOKIEPULLED Value: 1 |
|
login.microsoftonline.us/ | Name: buid Value: 0.AAAAMe_N-B6jSkuT5F9XHpElWsDmPF4fK4VCjUt17nh4c0YBAAA.AQABAAEAAgBXxJ9NxOLiQKGXj-vdb8BdFPftuUPem6h1gWjw7WsmAURnzaWiX4Ek-PdJnfUOtyv4dWvqry0IExgh7pO-2uaHimrfHDZFQG6crs3d5YMtnWbEz5aygqzjfj_aMaQe9KAgAA |
|
login.microsoftonline.us/ | Name: fpc Value: AhsS3lJPZ1VCgZ0g9Fohtn181bJ8AQAAADkmx9kOAAAA |
|
.login.microsoftonline.us/ | Name: esctx Value: AQABAAAAAgBXxJ9NxOLiQKGXj-vdb8BdnF2tDziYC8HUUpMykR8QHwAkPqU2Ha3f57-wjYue0crjG5X892dp8HTsXGacuOS0AzEPi3zFm3qaffIWcs1hQcPxRbaDj3VNmjVFK46ilE0mycMJH_HRAMDRrf_ADpOPZnsWkDT63u3lBfrVpIRVYo5EaU5oh5_sUcqcbOM708YgAA |
|
.login.live.com/ | Name: uaid Value: f378a64f822f4f03ad7203050273fc7d |
|
.login.live.com/ | Name: MSPRequ Value: id=N<=1647652666&co=1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=2592000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
gov.teams.microsoft.us
login.live.com
login.microsoftonline.com
login.microsoftonline.us
aadcdn.msftauth.net
20.140.232.137
20.190.151.134
40.126.26.134
52.127.88.164
1ba3b04346a7d3ba35186262a939c085175453a739190baa6db3e166e1c706bd
bee988f149f5135b77e9f7ff486286d5002f6dcdd657b0f7a5faec5de5cccaa5
c3469643b7cf3f6a61344fbf1fc8b1ce46ff04abba65dea2e961fe4923f40cb8
d3bafeb059473ed3c48b93c7ac0b0434937cd7213775610ccedd342f65c577e3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855