login.microsoftonline.com Open in urlscan Pro
40.126.31.67 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cushmanwakefield.ralichange.com/
Effective URL:
https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true
Submission: On April 28 via manual (April 28th 2023, 2:00:20 pm UTC) from IN — Scanned from DE

Summary HTTP 55 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 13 domains to perform 55 HTTP transactions. The main IP is 40.126.31.67, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 30.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on March 2nd 2023. Valid for: a year.

This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2606:4700:303... 2606:4700:3034::ac43:d8fb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
11	18.66.97.55 18.66.97.55	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	108.138.7.85 108.138.7.85	16509 (AMAZON-02) (AMAZON-02)
4	40.126.31.67 40.126.31.67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
11	2620:1ec:4f:1... 2620:1ec:4f:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2603:1026:300... 2603:1026:3000:150::8	() ()
2	2606:2800:233... 2606:2800:233:3d10:442f:fac8:6d32:4c87	15133 (EDGECAST) (EDGECAST)
1	2603:1026:300... 2603:1026:3000:c8::6	() ()
55	14

17 2606:4700:3034::ac43:d8fb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cushmanwakefield.ralichange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ralilogin.ralichange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

static.filestackapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.66.97.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-55.fra56.r.cloudfront.net

ok14static.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.7.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-85.fra56.r.cloudfront.net

login.okta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 40.126.31.67 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2620:1ec:4f:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:3000:150::8 (None, )

ASN- ()

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:3d10:442f:fac8:6d32:4c87 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1026:3000:c8::6 (None, )

ASN- ()

autologon.microsoftazuread-sso.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	ralichange.com 1 redirects cushmanwakefield.ralichange.com ralilogin.ralichange.com Failed	388 KB
11	msauth.net aadcdn.msauth.net — Cisco Umbrella Rank: 2578	236 KB
11	oktacdn.com ok14static.oktacdn.com — Cisco Umbrella Rank: 44682	973 KB
4	microsoftonline.com login.microsoftonline.com — Cisco Umbrella Rank: 30	114 KB
2	msauthimages.net aadcdn.msauthimages.net — Cisco Umbrella Rank: 7139	269 KB
2	okta.com login.okta.com — Cisco Umbrella Rank: 7619	97 KB
1	microsoftazuread-sso.com autologon.microsoftazuread-sso.com	1 KB
1	live.com login.live.com
1	gstatic.com fonts.gstatic.com	44 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	1 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1718	256 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	78 KB
1	filestackapi.com static.filestackapi.com — Cisco Umbrella Rank: 43426	72 KB
55	13

	Domain	Requested by
14	cushmanwakefield.ralichange.com	1 redirects cushmanwakefield.ralichange.com
11	aadcdn.msauth.net	login.microsoftonline.com aadcdn.msauth.net
11	ok14static.oktacdn.com	ralilogin.ralichange.com ok14static.oktacdn.com
4	login.microsoftonline.com	login.microsoftonline.com aadcdn.msauth.net
3	ralilogin.ralichange.com	cushmanwakefield.ralichange.com ok14static.oktacdn.com
2	aadcdn.msauthimages.net
2	login.okta.com	ok14static.oktacdn.com login.okta.com
1	autologon.microsoftazuread-sso.com
1	login.live.com	login.microsoftonline.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	ralilogin.ralichange.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	cushmanwakefield.ralichange.com
1	static.filestackapi.com	cushmanwakefield.ralichange.com
55	14

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
ralichange.com Cloudflare Inc ECC CA-3	`2022-07-25` - `2023-07-25`	a year	crt.sh
*.filestackapi.com R3	`2023-04-07` - `2023-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-03` - `2024-01-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-13` - `2023-07-25`	a year	crt.sh
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2023-03-02` - `2024-03-02`	a year	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2023-04-28` - `2024-04-28`	a year	crt.sh
login.live.com DigiCert SHA2 Secure Server CA	`2023-04-02` - `2024-04-02`	a year	crt.sh
aadcdn.msauthimages.net Microsoft Azure TLS Issuing CA 02	`2023-03-08` - `2024-03-02`	a year	crt.sh
autologon.microsoftazuread-sso.com DigiCert SHA2 Secure Server CA	`2023-04-05` - `2024-04-05`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true
Frame ID: F38F34D41B4C4983B1F84860AB43CAEF
Requests: 53 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: 97435059E0C19F62FA6BBC478B639BE1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bei Ihrem Konto anmelden

Page URL History Show full URLs

https://cushmanwakefield.ralichange.com/ HTTP 302
https://cushmanwakefield.ralichange.com/login?returnTo=/ Page URL
https://ralilogin.ralichange.com/oauth2/default/v1/authorize?client_id=0oa4wv6aooY67tA7L697&scope=openid%20pr... Page URL
https://ralilogin.ralichange.com/sso/idps/0oa54u5wr4qN5RNBx697?stateTokenExternalId=YWllS01yQWhWT2QxcHo4SUppN... Page URL
https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2 Page URL
https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

55
Requests

96 %
HTTPS

69 %
IPv6

13
Domains

14
Subdomains

14
IPs

3
Countries

2273 kB
Transfer

6089 kB
Size

14
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/de-DE/servicesagreement/
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/de-DE/privacystatement
Title: Datenschutz & Cookies

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/de-de/corporate/rechtliche-hinweise/impressum.aspx
Title: Haftungsausschluss

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cushmanwakefield.ralichange.com/ HTTP 302
https://cushmanwakefield.ralichange.com/login?returnTo=/ Page URL
https://ralilogin.ralichange.com/oauth2/default/v1/authorize?client_id=0oa4wv6aooY67tA7L697&scope=openid%20profile%20email%20offline_access&response_type=code&redirect_uri=https://cushmanwakefield.ralichange.com/api/auth/callback&state=42ddd4df23e45eabf557161d4efd1bd8 Page URL
https://ralilogin.ralichange.com/sso/idps/0oa54u5wr4qN5RNBx697?stateTokenExternalId=YWllS01yQWhWT2QxcHo4SUppNjdOaXRwUU4wZCtyVCtMR2JqOTF0R0Q0eHAxRTJsZXpDS3ZtL05XR1oxUy9yYw Page URL
https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2 Page URL
https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cushmanwakefield.ralichange.com/ HTTP 302
https://cushmanwakefield.ralichange.com/login?returnTo=/

55 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

https://cushmanwakefield.ralichange.com/
https://cushmanwakefield.ralichange.com/login?returnTo=/

51 KB
10 KB

695ms
695ms

Document
text/html

2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

f303bf389abed9e7bf13779b5c5676aded945d7020e928f6aa3cbb21aabacab7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7befd48f890c06ce-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 28 Apr 2023 14:00:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQ%2BfrTm9x%2BMhrH8UTZECsHuB0ibNBggHCTRqFQDjIZ3%2F4Mjwfo9Az6RDt2NwwXZ1ZdJr9vDLZB488TCMY27L%2BiR9i5mqv7v%2BSDBmGIhkyuaB4kY0dphgSRuwVFvKjcBntFnVmeQhg%2Br3hYp%2FsTwwKFs1CZI1vzmE0SGxKLfw"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
via: 1.1 vegur
x-powered-by: Next.js

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7befd48d1dc906ce-AMS
date: Fri, 28 Apr 2023 14:00:13 GMT
location: /login?returnTo=/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MbIEqAK00JuC%2B704lMEW%2FS%2FUhVfIO5hAcUU%2FimK%2BFBX3bfcarWJDZcnd3bsUMbZcyDzjAPG0X07BZzTiOXslVN%2BOOosriddSK%2BOIgkdqOL3mpwdoLoogaILORpb8tD0NYH%2Bd8rvdOuotoaMJAGmR3KmJJdODB6fIoxh1cGqu"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 vegur

GET
H3 200 58327bad2f4ad08f.css
cushmanwakefield.ralichange.com/_next/static/css/ 135 KB
18 KB 494ms
492ms Stylesheet
text/css 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/css/58327bad2f4ad08f.css

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a91acef119f0490ffababa3352b6e66f746572b21ffdd712e53517b9882bb275

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"21d91-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S6vNPsR4vt2XqdVKY6qY%2BWsw27LKVbX138sk5DHouBosVgT1l0yAhgp8eQaA4bmfPSnPY%2Bzr4yTqCAZDpNbg%2FmoBbKAClk22yinIQfrdeVCKLh652FQXKdIad7IQ52AleD4lZw%2F5V43Kl5E8mCjlO6sxyc%2BdkSzDX6jtDh42"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd493fdf00a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 webpack-19ef82e4ce43052f.js Show response
cushmanwakefield.ralichange.com/_next/static/chunks/ 4 KB
2 KB 402ms
400ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/chunks/webpack-19ef82e4ce43052f.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8133428e6c2b08966871aaf6c1b48b35f31c5af533f6c6135c95f25752118d81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"f3d-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XGFvpxagP9L8HgQf7JF%2BWpY%2Fok2tKhs5KhLl8sVSRD0XGa1ixfpB8isEQb58dWhsrigi%2B4Hf3ufcKY%2B9YQAkBiyVMxjbQZg7SepUTgqk4YBFF987Sa6uMfuPaY8tABhc1WnQRPdSetpF2T4A283biokqJgg%2Ff2xQcykwm2%2Fe"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd493fdf30a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 framework-c28a14505f10b7d6.js Show response
cushmanwakefield.ralichange.com/_next/static/chunks/ 146 KB
46 KB 586ms
583ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/chunks/framework-c28a14505f10b7d6.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e02e63a164d1a043b7126c16bf1bf9389510c5d2eb7eae9956aa0526cc47713d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"2486d-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xtlJV2KA26a%2FWt6S1ETIhfgnYHYU66FE1Ny1C7f8Dzjh1HLuHZJdAV4QoUujAi5pEBpEvdXYlfiyRSOaiu0PmLV7O7ovVaNwJJTdoIGKIAC27TKX7MxBc6nvL0tJ7ZsJQdp8NVXJkt2VyBLMXMwodMNPOcLKoOPUU9Ujmq1Q"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e2a0a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 main-d92283c70d96de0c.js Show response
cushmanwakefield.ralichange.com/_next/static/chunks/ 73 KB
24 KB 499ms
497ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/chunks/main-d92283c70d96de0c.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fe59a93a6c3a10ea386f143184adb90d8d32fbd6566c8e0c3e24fed7a3effd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"12266-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2B1awfk2PLzKH%2FVVZetCgdpfb7GfsaFHCX8eSQMZKi77zlwhtKPiQ0Tox%2BV6ssI5%2FaJ1P4pQbuHq8i3cBEBenmEo1ek4ADVnyIVLEsS2aG87RHa%2FVZtQKUhzB6KWqg0Z3YspCgfPhf2Eo21wCPsj%2FjTRnYhQ3J%2FEHvLJdH41"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e2c0a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 _app-8003daa2dd3c45b7.js Show response
cushmanwakefield.ralichange.com/_next/static/chunks/pages/ 986 KB
240 KB 677ms
674ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/chunks/pages/_app-8003daa2dd3c45b7.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

950911eb66960dba1cf76c150c2046d5c48ce47ac854756b23f550b2aaf9b2f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"f6876-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t5rrYMk%2B5JolKI%2FMpVdJYVwByFPiJNqUozD01%2FX6j%2Fm5kH1V263Tb0TLnv7KGBUbUo%2BwpM1NExnqpsx7wxcyxPY%2BhuijsH%2BVE4F7brZHTD3ySclE%2By2PkNAWax5hrUSVc83v%2FCD7INubCWoNwza4j93ep06nHxhNdQTybEQZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e2d0a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 2580-0c80a24e03bb3b7f.js Show response
cushmanwakefield.ralichange.com/_next/static/chunks/ 35 KB
12 KB 402ms
400ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/chunks/2580-0c80a24e03bb3b7f.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f5a6ad3056923c951d5d780c93730c571527c6f43c4c84cbf57edd88b2b9a0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"8c06-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yruByggwN6tgHCA%2B0NNNo9XVPoAmpX1Fm6EAeADoFflMhNn3PKCE0hGBk58GZ5kupzJ2ZXX4CEwCef0qAbEqmV1zDq6%2Fuj5a4Sj2OxphuR3ZySxHDrDF7lsLo2ZemXa%2FW0svx7QgJ7phlpjLGcUcZI5CQgdVJcQ6Cw%2FdLPhW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e2e0a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 6599-f2bc195c1c700a28.js Show response
cushmanwakefield.ralichange.com/_next/static/chunks/ 12 KB
4 KB 401ms
399ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/chunks/6599-f2bc195c1c700a28.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77a8fc4f01974c1ec66a53686376ce4fb77eed83cfaecac491e4d8e8003c50dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"3071-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KcZjPM8t9izpA1bMLttTBby2E82cwGh8lhMi0LSzQJDQCzQMkTp8dvtz5K5MRPjCLyGkufq4%2B820oyOzXKM7RE02hRqAO9Cawo3AcRoYUHiXTvPI1T8CZTMhMSBWO%2F1nGaMnMyldOqtIheNrhSBKblnEuYHcSZoDxcKoYPr7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e310a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 login-755788f14dbeca07.js Show response
cushmanwakefield.ralichange.com/_next/static/chunks/pages/ 10 KB
4 KB 414ms
412ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/chunks/pages/login-755788f14dbeca07.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84a46eec67d4e3cac946756f684e3788c8ed426e8c35bbc8a4e5bb77b9582a48

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"2678-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XDrSLdb6ARQhTAs5z8f31VW%2BjaDpqLLXBLWND4oDHH4ADuk%2FMxPKwicpCXHqZryOsEJwDQpiX8DZL6jHFDUJvwrhWGQQ%2BiGZGY%2BUwQaqPt5dDVTVLEryeJBGlGVTDClIrnT8UIA3LmJDZEOQvEK1dCwTGBddROwCRPth21eL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e330a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 _buildManifest.js Show response
cushmanwakefield.ralichange.com/_next/static/JxnSQPB61Iny3ioziLdVr/ 9 KB
3 KB 415ms
413ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/JxnSQPB61Iny3ioziLdVr/_buildManifest.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4390e30516e175ad6171269609912faceafd137d151e685176fb3e4c854504e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"2317-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C0NpzfZvP1jqp8dRFPjSl8A%2BoY9%2Bl0o%2BHPP0Zxz3P%2B%2FbRSTCecjFBs7nGjYt5ooq0Mc27GQIcFpMzM7%2FWhiQ2CKa%2FtaCrGCE3%2F8zd8TtqQ%2BlsXO%2F%2FffDJSDWvNvzhOcGBZzzTjDK8Q6JUPhR4wuSBKfvivpy06t8cahoqDj6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e340a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 _ssgManifest.js Show response
cushmanwakefield.ralichange.com/_next/static/JxnSQPB61Iny3ioziLdVr/ 77 B
630 B 396ms
394ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/JxnSQPB61Iny3ioziLdVr/_ssgManifest.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"4d-18781ceb788"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6D1FgTfKHNS3wKRCxONYVX5rvGdrTmzd6xuB61U13E605gq4OPiQSmtznnErTMfZ4APMq5Fcs6f6zz6MOoQRH6NKob6g5Xi5JQ%2FZFWTsXknA1t%2BXtw5qnYZ6TD%2B2qkttSr3exfcJwi%2B9xCOGIVLFPOaxTtciF4KSpFfoZIgX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e350a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 _middlewareManifest.js Show response
cushmanwakefield.ralichange.com/_next/static/JxnSQPB61Iny3ioziLdVr/ 92 B
632 B 401ms
399ms Script
application/javascript 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/_next/static/JxnSQPB61Iny3ioziLdVr/_middlewareManifest.js

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
via: 1.1 vegur
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 14 Apr 2023 22:08:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
etag: W/"5c-18781cfc510"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2Bg2tT6ucmhcE1GoPKTZ%2B4%2BjR1PhxlUMpou1XAqeEGjZzPcbsawhV%2BcCOxrnfIJYM62N7zdOyMbKwcI9v%2BqHbjkc2ATehSQ4qK7cjxL7mtkJqTFKfClXzxMpFSPj98SiLyfovOIZ9IxEk225r95h2Po%2FKAmwLL04hqvUYcDD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 7befd4941e360a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 filestack.min.js Show response
static.filestackapi.com/filestack-js/3.x.x/ 254 KB
72 KB 72ms
9ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.filestackapi.com/filestack-js/3.x.x/filestack.min.js
Requested by: Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/login?returnTo=/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 87f1ea01f64fcd488a91b1116c9a332ae3fe850ef410f095c3ab1d43797395d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:14 GMT
content-encoding: gzip
via: 1.1 varnish
x-amz-request-id: DMQ0VXVMMM0KRF8N
age: 52038
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 73789
x-amz-id-2: nd7yKFNno5gaiIkYdeWblRhP0SWOJgnJBLyODdesFdJXuWv3rSrWqqis9H8OhbiDjZheCY5zyso=
x-served-by: cache-fra-eddf8230040-FRA
last-modified: Thu, 06 Apr 2023 12:51:07 GMT
x-timer: S1682690415.770595,VS0,VE0
etag: "55a9fd1b63eca73cd6ec251754dbba9f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-cache-hits: 325

GET
H3 200 cushmanwakefield Show response
cushmanwakefield.ralichange.com/api/foundation-svc/internal/org/ 2 KB
1 KB 406ms
406ms Fetch
application/json 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cushmanwakefield.ralichange.com/api/foundation-svc/internal/org/cushmanwakefield

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/_next/static/chunks/pages/_app-8003daa2dd3c45b7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9719a1cd5690a76745779b4e3376184147d00c8f615d9cb349006b85edbd28a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cushmanwakefield.ralichange.com/login?returnTo=/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJraWQiOiJTeWx2SmtUdERaTHNrNXBfRDc4aFBoTTlxVTN6RDJuYVN5cTRRaXhZU2pjIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULk5kVlBLUm9qbWtycmw5UEJQTmRDSFUwZzk0d3VYenU2eW9tOHF2RnlZQkEiLCJpc3MiOiJodHRwczovL3JhbGlsb2dpbi5va3RhLmNvbS9vYXV0aDIvYXVzM2VwZTM0eUtKQmlqazE2OTciLCJhdWQiOiJhcGk6Ly9yYWxpL2F1dGgiLCJpYXQiOjE2ODI2OTA0MTQsImV4cCI6MTY4MjY5MDcxNCwiY2lkIjoiMG9hM2VwZTMxdjIzaXVUVVE2OTciLCJzY3AiOlsib3JnX2luZm8iXSwic3ViIjoiMG9hM2VwZTMxdjIzaXVUVVE2OTcifQ.mqo8KXltntAvzlL9vzJEr2DKUzZMI7p1bqFBoLsD4gO9jJwH6VScBfUPc0WS7K9htzvucirSEvV06ywfwJM21zF_HLK-lle8mgYUp8vhIVnH2wq24PcezNPgFGMwlli8S0I2D8QldxEMMU1vLTikabK8Rwpx8j37nBtViW5hPZ_M4ZqsUfE_q9svfmfZLZvXzkA9pyxuKhNizvUoviKEBEgy0oMgNm2NTzDEfdngWJxkG2-Abk6mr55mLalnBY_8FIDIZBwif-LIr0cVgi7_8OcMrOzYYAKYfG9y91gHuNHNE0dvnVHazpucoBUH023acKiabzPtwX2J3GuwujwS9Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 Apr 2023 14:00:16 GMT
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 spaces-router (e46a9e002bdb), 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6l6mkCL0g7TFLsc6EI573ztRkpfKi8Np%2FHhle6yLxxvWRCdwYhS74lL4t5cZ8xrXL4Wixo2DuP0bc4%2B4xKQWaGe63Y%2FKm86TNONLkaIpZ7W9MwiKar2nRZvSuDhK7RD1GsoODPBNJPIvoOQ91MN0I6O%2BojCt58rYcig7hBMb"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
onq_ref_id: 31U5CLJHUVS2B
cf-ray: 7befd4999e760a6b-AMS
expires: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
78 KB 91ms
34ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CGVJRDP677

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/_next/static/chunks/pages/_app-8003daa2dd3c45b7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18861be2fa18954447e13658377fedc68e70de3a0cd5e110cb76f7c54ea727bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 14:00:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79176
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 28 Apr 2023 14:00:15 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 46ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-CGVJRDP677&gtm=45je34q0&_p=807250868&cid=1145002871.1682690416&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=1&sid=1682690415&sct=1&seg=0&dl=https%3A%2F%2Fcushmanwakefield.ralichange.com%2Flogin%3FreturnTo%3D%2F&dt=&en=scroll&_fv=1&_nsi=1&_ss=1&ep.allowLinker=true&epn.percent_scrolled=90
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CGVJRDP677
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cushmanwakefield.ralichange.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Apr 2023 14:00:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cushmanwakefield.ralichange.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET authorize
ralilogin.ralichange.com/oauth2/default/v1/ 0
0

GET
H2 200 authorize Show response
ralilogin.ralichange.com/oauth2/default/v1/ 27 KB
7 KB 751ms
710ms Document
text/html 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ralilogin.ralichange.com/oauth2/default/v1/authorize?client_id=0oa4wv6aooY67tA7L697&scope=openid%20profile%20email%20offline_access&response_type=code&redirect_uri=https://cushmanwakefield.ralichange.com/api/auth/callback&state=42ddd4df23e45eabf557161d4efd1bd8

Requested by

Host: cushmanwakefield.ralichange.com
URL: https://cushmanwakefield.ralichange.com/_next/static/chunks/6599-f2bc195c1c700a28.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

baeccb9dd2d08276d39e9a056b3769ca0d3f7780e66b45e939eca65729d68a98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cushmanwakefield.ralichange.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 7befd49c6e1506ce-AMS
content-encoding: br
content-language: de
content-type: text/html;charset=utf-8
date: Fri, 28 Apr 2023 14:00:16 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="HONK"
pragma: no-cache
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xadFEK0oVPIdhgqsi32ggSIKfnx0mKGUdthTdNQDk7EH4hY%2BXmzx%2FPgL0lneDYhidXU%2By9ZFWB%2FC%2B0DuS37qaft%2F8TfalVo6TzLk8aj1mjtUBlANagWVWshbTG6tVW3qA8REYBlY2s6UnY76%2B%2Fr3OLXWknbb%2BfU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-okta-request-id: ZEvRcLvy-XKbGnsbF-C9PwAACJ4
x-rate-limit-limit: 60
x-rate-limit-remaining: 59
x-rate-limit-reset: 1682690476
x-robots-tag: noindex,nofollow
x-ua-compatible: IE=edge
x-xss-protection: 0

POST collect
region1.google-analytics.com/g/ 0
0

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1 KB 56ms
22ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;700&display=swap

Requested by

Host: ralilogin.ralichange.com
URL: https://ralilogin.ralichange.com/oauth2/default/v1/authorize?client_id=0oa4wv6aooY67tA7L697&scope=openid%20profile%20email%20offline_access&response_type=code&redirect_uri=https://cushmanwakefield.ralichange.com/api/auth/callback&state=42ddd4df23e45eabf557161d4efd1bd8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

db69348f1f4d0308cc31261cd6999c9cc17745c93880d56bdd0f191fd7fc303f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Apr 2023 14:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 13:41:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Apr 2023 14:00:16 GMT

GET
H2 200 okta-sign-in.min.js Show response
ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/js/ 2 MB
505 KB 83ms
15ms Script
application/javascript 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/js/okta-sign-in.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

9d75be9fa71d9de02417f044d50b1264dc564d453ee20efc7faa9d819a8ffdfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
date: Thu, 27 Apr 2023 02:40:07 GMT
x-amz-cf-pop: FRA56-P2
age: 982573
x-cache: Hit from cloudfront
last-modified: Thu, 03 Feb 2022 21:10:43 GMT
server: nginx
etag: W/"3201febd49d61359da808444b6a8dd0e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: 4MKd5n_BhP3gBo_YexN0eH83l7vvzn06vk-eqlNyiw9ccg2RX1ITAw==
expires: Tue, 16 Apr 2024 05:04:03 GMT

GET
H2 200 okta-sign-in.min.css
ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/css/ 211 KB
37 KB 77ms
9ms Stylesheet
text/css 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/css/okta-sign-in.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

9088ba84bd8facb1ae216959655256308143f85f3608acb93880347b60f9a620

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 05:04:03 GMT
strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 982573
x-cache: Hit from cloudfront
last-modified: Thu, 03 Feb 2022 21:10:33 GMT
server: nginx
etag: W/"32082203138e95c3496af212b9076cd4"
vary: Accept-Encoding
content-type: text/css
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: 0YwMZ8CD8dOtI7you42svF7sr_iCdA5gurPQQy7Ir6sBNH-7ynyZdQ==
expires: Tue, 16 Apr 2024 05:04:03 GMT

GET
H2 200 custom-signin.241e0fb439244dc50c5929c0513a6765.css
ok14static.oktacdn.com/assets/loginpage/css/ 2 KB
1 KB 82ms
14ms Stylesheet
text/css 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/loginpage/css/custom-signin.241e0fb439244dc50c5929c0513a6765.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 05:31:36 GMT
strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 894520
x-cache: Hit from cloudfront
last-modified: Tue, 22 Mar 2022 20:44:11 GMT
server: nginx
etag: W/"241e0fb439244dc50c5929c0513a6765"
vary: Accept-Encoding
content-type: text/css
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: 258e6ZNOC6hboqOGfoOvlH5FvLpPu7_LmOwEMONjEYAl76IhpR4YSQ==
expires: Wed, 17 Apr 2024 05:31:36 GMT

GET
H2 200 okta-logo.1e146cad5713da744492be95eb0f7793.png
ok14static.oktacdn.com/assets/img/logos/ 3 KB
4 KB 17ms
17ms Image
image/png 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok14static.oktacdn.com/assets/img/logos/okta-logo.1e146cad5713da744492be95eb0f7793.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

4146f4c2384967dede1db1dae2da81c246d3d50228056bc0bb842e2ae868e13a

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 04:08:23 GMT
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1245113
x-cache: Hit from cloudfront
content-length: 3422
last-modified: Tue, 24 May 2022 21:46:30 GMT
server: nginx
etag: "1e146cad5713da744492be95eb0f7793"
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: dUgIKV8nqQoUUQv1jlb3dWJDdjWTSW6lFdnRv2dmy8bFY5SfU4qLbQ==
expires: Sat, 13 Apr 2024 04:08:23 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 47ms
13ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ralilogin.ralichange.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 02:07:31 GMT
x-content-type-options: nosniff
age: 42766
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Apr 2024 02:07:31 GMT

GET
H2 200 initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js Show response
ok14static.oktacdn.com/assets/js/mvc/loginpage/ 205 KB
77 KB 7ms
7ms Script
application/javascript 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js

Requested by

Host:
URL: OktaUtil.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

f5d6a6e7d3648b0830cf9de5ef59d2167e2536885e4174b6ff8af73f6dd80978

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-sha1sum: 8d9f54b48d8e525e03f87987c5b3b3de22f15b92
strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
date: Sat, 22 Apr 2023 03:34:34 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 555943
x-cache: Hit from cloudfront
last-modified: Tue, 07 Feb 2023 22:45:12 GMT
server: nginx
etag: W/"e3c1ead3b55da6c854c20649a1e437c8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: ZL6L4ufRS16eBjGMEOukVKlqaYn0YNa4EIgrPzkr_R6bNk8gGdyoNg==
expires: Sun, 21 Apr 2024 03:34:34 GMT

GET
H2 200 login_de.json Show response
ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/labels/json/ 94 KB
94 KB 25ms
10ms XHR
application/json 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/labels/json/login_de.json

Requested by

Host: ok14static.oktacdn.com
URL: https://ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/js/okta-sign-in.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

38f8eb122e4cd7106a24918dba446a8a803acecc0bc915572ed4b68f335d1550

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 17 Apr 2023 10:07:49 GMT
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 964348
x-cache: Hit from cloudfront
content-length: 95805
last-modified: Thu, 03 Feb 2022 21:10:46 GMT
server: nginx
etag: "954dbbb0ad784f4143c7e49567dbf9f6"
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: WJhE5fWKPBz-TP7A5lVgOZTOVMQnhf1_6ZKfWA6kXbr9QzJLZNWEBA==
expires: Tue, 16 Apr 2024 10:07:49 GMT

GET
H2 200 country_de.json Show response
ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/labels/json/ 5 KB
5 KB 25ms
10ms XHR
application/json 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/labels/json/country_de.json

Requested by

Host: ok14static.oktacdn.com
URL: https://ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/js/okta-sign-in.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 20 Apr 2023 06:26:50 GMT
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 718407
x-cache: Hit from cloudfront
content-length: 4805
last-modified: Thu, 03 Feb 2022 21:10:44 GMT
server: nginx
etag: "51bec6463b4f7c5a26ede1fd8ee067f8"
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: y8CXNQPLqJ69Cqo3qRzeLTrMrBnHm950QWUtY_iqrrkxWO6WTAscOw==
expires: Fri, 19 Apr 2024 06:26:50 GMT

GET
H/1.1 200
OK iframe.html Show response
login.okta.com/discovery/ Frame 9743 451 B
891 B 151ms
7ms Document
text/html 108.138.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://login.okta.com/discovery/iframe.html
Requested by: Host: ok14static.oktacdn.com
URL: https://ok14static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.e3c1ead3b55da6c854c20649a1e437c8.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-85.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: af9e0ea5cb6a750c1bb914ab4b7fadaeeaabb2812d25eb23b3250d9013e579ba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 39190
Connection: keep-alive
Content-Length: 451
Content-Type: text/html
Date: Fri, 28 Apr 2023 03:07:08 GMT
ETag: "3e03d2d5a28fe4751c15cf6507fc4aeb"
Last-Modified: Thu, 13 Apr 2023 15:39:37 GMT
Server: AmazonS3
Via: 1.1 8d07edb8bf98788bf512d51f8cc554f6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: p9vJ4sJDAZdqMxXktAN71JiRcNKPd86vPcioNqlJzsemEMj0iudGHg==
X-Amz-Cf-Pop: FRA56-P6
X-Cache: Hit from cloudfront

POST
H3 200 introspect
ralilogin.ralichange.com/idp/idx/ 1 KB
4 KB 835ms
835ms XHR
application/ion+json 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ralilogin.ralichange.com/idp/idx/introspect

Requested by

Host: ok14static.oktacdn.com
URL: https://ok14static.oktacdn.com/assets/js/sdk/okta-signin-widget/5.16.1/js/okta-sign-in.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept: application/ion+json; okta-version=1.0.0
Referer
x-okta-user-agent-extended: okta-signin-widget-5.16.1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type: application/ion+json; okta-version=1.0.0

Response headers

x-okta-request-id: ZEvRce675u4cwEoYQTRTUAAACv8
date: Fri, 28 Apr 2023 14:00:17 GMT
content-security-policy: frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp
x-rate-limit-limit: 2000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-rate-limit-remaining: 1999
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com; connect-src 'self' ralilogin.okta.com ralilogin-admin.okta.com ralilogin.ralichange.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com ralilogin.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com; style-src 'unsafe-inline' 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' ralilogin.okta.com ralilogin-admin.okta.com ralilogin.ralichange.com login.okta.com com-okta-authenticator:; img-src 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' ralilogin.okta.com ralilogin.ralichange.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
p3p: CP="HONK"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: no-cache
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ej6czK5pplcGYzRjRDPhSSWf3NzmjyZQ%2BHhaeuvy%2F2CWTukrf11bjhxIqAE8rTCc8qB41hfkR2e1XlkR0MAmVN2dS0xFnwKNPN0aSvHErLv6Agtw5BYCG9y3CL6ttS6c%2BC4fk7SIk0Afd%2BF8eaylN5e%2BOj%2BPB8g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/ion+json;okta-version=1.0.0
access-control-allow-origin: https://ralilogin.ralichange.com
x-rate-limit-reset: 1682690477
access-control-allow-credentials: true
cache-control: no-cache, no-store
x-robots-tag: noindex,nofollow
cf-ray: 7befd4a30ce20a6b-AMS
expires: 0

GET
H/1.1 200
OK discoveryIframe-580a3123874a0e600803.min.js Show response
login.okta.com/lib/ Frame 9743 96 KB
96 KB 7ms
7ms Script
application/javascript 108.138.7.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://login.okta.com/lib/discoveryIframe-580a3123874a0e600803.min.js
Requested by: Host: login.okta.com
URL: https://login.okta.com/discovery/iframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-85.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3ba13ba24e042794e9f5d55e2032aec59b7896bf64d0d125ffc4742834981828

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.okta.com/discovery/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 28 Apr 2023 02:19:28 GMT
Via: 1.1 8d07edb8bf98788bf512d51f8cc554f6.cloudfront.net (CloudFront)
Last-Modified: Thu, 13 Apr 2023 15:39:38 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P6
Age: 42050
ETag: "786d615ef5571017953861b98a190f8f"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 98190
X-Amz-Cf-Id: DXI8ijB3dhOMhsyRYxhbNeOT9nJE-dBevAHSq7-D33oGT0JssJgrsw==

GET
H3 200 0oa54u5wr4qN5RNBx697 Show response
ralilogin.ralichange.com/sso/idps/ 30 KB
10 KB 262ms
262ms Document
text/html 2606:4700:3034::ac43:d8fb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ralilogin.ralichange.com/sso/idps/0oa54u5wr4qN5RNBx697?stateTokenExternalId=YWllS01yQWhWT2QxcHo4SUppNjdOaXRwUU4wZCtyVCtMR2JqOTF0R0Q0eHAxRTJsZXpDS3ZtL05XR1oxUy9yYw

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:d8fb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abb2dcf4188752f51056ab7ca7637ca385ee1e412710dc57b58397da045f8167

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 7befd4a8ecaa0a6b-AMS
content-encoding: br
content-language: de
content-security-policy: frame-ancestors 'self'
content-security-policy-report-only: default-src 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com; connect-src 'self' ralilogin.okta.com ralilogin-admin.okta.com ralilogin.ralichange.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com ralilogin.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com; style-src 'unsafe-inline' 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' ralilogin.okta.com ralilogin-admin.okta.com ralilogin.ralichange.com login.okta.com com-okta-authenticator:; img-src 'self' ralilogin.okta.com ralilogin.ralichange.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' ralilogin.okta.com ralilogin.ralichange.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
content-type: text/html;charset=utf-8
date: Fri, 28 Apr 2023 14:00:18 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="HONK"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Yby9C7MiBVTeadPRLPrVUpgUC0om4hX8uEDqQclRfYhz8I9MqooXzV1RSEX2QRvA8HKO%2FnDSCZgZ51yR1vtNsj1TUKpSaI2RxAW4IGCGtks0YyrGoHREEkbHIcX7jzmTHgJjANJvPmlLWhcVoA8Q%2FXnXM%2Bd8jw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-okta-request-id: ZEvRcu675u4cwEoYQTRTVQAACv8
x-rate-limit-limit: 1000
x-rate-limit-remaining: 999
x-rate-limit-reset: 1682690478
x-robots-tag: noindex,nofollow
x-xss-protection: 0

GET
H2 200 jquery-1.12.4.2ef93d9aedc4198ec425a799a371292d.js Show response
ok14static.oktacdn.com/assets/js/ 289 KB
101 KB 8ms
8ms Script
application/javascript 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/js/jquery-1.12.4.2ef93d9aedc4198ec425a799a371292d.js

Requested by

Host: ralilogin.ralichange.com
URL: https://ralilogin.ralichange.com/sso/idps/0oa54u5wr4qN5RNBx697?stateTokenExternalId=YWllS01yQWhWT2QxcHo4SUppNjdOaXRwUU4wZCtyVCtMR2JqOTF0R0Q0eHAxRTJsZXpDS3ZtL05XR1oxUy9yYw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

43e51f129fb6eb0f52aee5fb4857f14796f9a5b38e66f445658db1ac1fb7298e

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://ralilogin.ralichange.com/
Origin: https://ralilogin.ralichange.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-sha1sum: 26667ee897b9e91a9b54c3d4aa445649aa92543d
strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
date: Wed, 19 Apr 2023 19:34:54 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 986803
x-cache: Hit from cloudfront
last-modified: Tue, 06 Dec 2022 21:53:51 GMT
server: nginx
etag: W/"2ef93d9aedc4198ec425a799a371292d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: 1ZcU-nj0MEYHDBuf4AAKINdGu1BrudOSaZWFC0_ESQuFm1n_UrqFkg==
expires: Tue, 16 Apr 2024 03:53:35 GMT

GET
H2 200 interstitial.feb135ed7f21adf41b7543c04f346635.css
ok14static.oktacdn.com/assets/css/sections/ 9 KB
3 KB 7ms
7ms Stylesheet
text/css 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/css/sections/interstitial.feb135ed7f21adf41b7543c04f346635.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

362334ea318c3797894fe20715a4aa04d56c94ca0853ceeb0898dca803c3d159

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ralilogin.ralichange.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 23:54:06 GMT
x-amz-meta-sha1sum: d1175a250e20657a3e18ccfca2fb14a9e792cb6e
content-encoding: gzip
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1433172
x-cache: Hit from cloudfront
last-modified: Tue, 11 Apr 2023 22:58:16 GMT
server: nginx
etag: W/"feb135ed7f21adf41b7543c04f346635"
vary: Accept-Encoding
content-type: text/css
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: IdRBszFR0voj2t7B-JBCEDsOCHhDKeqasfOg3du40_fZgTkloGB_Ig==
expires: Wed, 10 Apr 2024 23:54:06 GMT

GET
H2 200 interstitial-dark-blue-brand.d4ca51b5579d1772af159f12276beb72.gif
ok14static.oktacdn.com/assets/img/ui/indicators/ 143 KB
144 KB 7ms
7ms Image
image/gif 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok14static.oktacdn.com/assets/img/ui/indicators/interstitial-dark-blue-brand.d4ca51b5579d1772af159f12276beb72.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ralilogin.ralichange.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
date: Thu, 20 Apr 2023 06:23:48 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 718591
x-cache: Hit from cloudfront
content-length: 146495
last-modified: Wed, 15 Dec 2021 01:29:19 GMT
server: nginx
etag: "d4ca51b5579d1772af159f12276beb72"
content-type: image/gif
access-control-allow-origin: *
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: QZi-Lcbca3DNwgOSspCMC8lsbN99l9wFMq3e3hLB_S4RZyiYOnmtFw==
expires: Fri, 19 Apr 2024 06:23:47 GMT

GET
H2 200 interstitial.474dce61acfac4a4d016921943cf2a68.js
ok14static.oktacdn.com/assets/js/app/sso/ 678 B
1 KB 9ms
8ms Script
application/javascript 18.66.97.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok14static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://ralilogin.ralichange.com/
Origin: https://ralilogin.ralichange.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
date: Wed, 26 Apr 2023 01:19:56 GMT
x-amz-cf-pop: FRA56-P2
age: 218422
x-cache: Hit from cloudfront
last-modified: Wed, 19 May 2021 17:53:06 GMT
server: nginx
etag: W/"474dce61acfac4a4d016921943cf2a68"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id: dQM7pCpmHwv38bSd9d8e7EARVq8JN5cmko6httn0gW7fBHxwBaBAUQ==
expires: Thu, 25 Apr 2024 01:19:56 GMT

POST
H/1.1 200
OK saml2 Show response
login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/ 157 KB
58 KB 213ms
115ms Document
text/html 40.126.31.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.126.31.67 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

80af793cc81562d336256b2b974b492450369f357e20d05fdad1a3606a519fd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ralilogin.ralichange.com
Referer: https://ralilogin.ralichange.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 58376
Content-Type: text/html; charset=utf-8
Date: Fri, 28 Apr 2023 14:00:17 GMT
Expires: -1
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server: 2.1.15175.9 - EUS ProdSlices
x-ms-request-id: 2f4f57dd-c8df-448a-8d6f-aabfc23b7500

POST
H/1.1 200
OK reportbssotelemetry
login.microsoftonline.com/common/instrumentation/ 265 B
1 KB 49ms
49ms Ping
application/json 40.126.31.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/common/instrumentation/reportbssotelemetry?hpgid=6&hpgact=1900&client-request-id=39b52865-e93d-4fe1-958e-a011968ed6f6&hpgrequestid=2f4f57dd-c8df-448a-8d6f-aabfc23b7500

Requested by

Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.126.31.67 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 28 Apr 2023 14:00:17 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
Content-Type: application/json; charset=utf-8
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: d289f4ba-a8e8-46c6-886b-74eccb2c2500
Cache-Control: no-store, no-cache
Content-Length: 265
x-ms-ests-server: 2.1.15175.9 - WEULR2 ProdSlices
X-XSS-Protection: 0
Expires: -1

POST
H/1.1 200
OK Primary Request saml2 Show response
login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/ 204 KB
53 KB 209ms
161ms Document
text/html 40.126.31.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.126.31.67 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8a55f784354c6b55227f1fcc0756112be303ab6ce9afafe7bdc331d06de8c710

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://login.microsoftonline.com
Referer: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 52408
Content-Type: text/html; charset=utf-8
Date: Fri, 28 Apr 2023 14:00:17 GMT
Expires: -1
Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: on
X-Frame-Options: DENY
X-XSS-Protection: 0
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server: 2.1.15175.9 - EUS ProdSlices
x-ms-request-id: eede1f15-8ec2-4bb4-be2b-92cf386a5b00

GET
H2 200 ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js Show response
aadcdn.msauth.net/shared/1.0/content/js/ 406 KB
113 KB 101ms
10ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 67769a6666da049160418b9bc23f1b5ef80b8e64f31adfeae07609c1323a8df4

Request headers

Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:18 GMT
content-encoding: gzip
x-azure-ref-originshield: 0tI1LZAAAAABQkUebDpnmRanwPjOToVGeRlJBMjMxMDUwNDE4MDA5ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: 8k5PcnJiUND9J+3SrqIU9Q==
x-cache: TCP_HIT
content-length: 114908
x-ms-lease-status: unlocked
last-modified: Thu, 16 Mar 2023 18:12:28 GMT
etag: 0x8DB264A00C5B658
x-azure-ref: 0ctFLZAAAAACgHpDc2LzcToOoA1PXuUY0RlJBMzFFREdFMDQxNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3d279524-101e-000a-7490-6d3966000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H/1.1 200
OK Me.htm
login.live.com/ 0
0 382ms
102ms Other
text/html 2603:1026:3000:150::8

General

Check archive.org

Show headers Download Go to

Full URL: https://login.live.com/Me.htm?v=3
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2603:1026:3000:150::8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

GET
H2 200 convergedlogin_pcustomizationloader_6d0f034edc7f959d3b0d.js Show response
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ 107 KB
32 KB 54ms
20ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6d0f034edc7f959d3b0d.js
Requested by: Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 684b00f00affae290934eecbe42eb5eda60e464ad42f84fcfbeacc44ea94e058

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:18 GMT
content-encoding: gzip
x-azure-ref-originshield: 09AFJZAAAAAArmSKoIhr+S6t9T9WHT9Z5RlJBMjMxMDUwNDE3MDE3ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: OQp8wyezCVBxxlQ0oNEkXg==
x-cache: TCP_HIT
content-length: 32199
x-ms-lease-status: unlocked
last-modified: Tue, 28 Feb 2023 01:22:38 GMT
etag: 0x8DB192A47FA95B3
x-azure-ref: 0c9FLZAAAAADl5uRvihJ8S40mxOCpyPpvRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c62d1dba-d01e-0052-0f36-6d0244000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 converged.v2.login.min_ri9kuwotliet3wfbgspsga2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 0
20 KB 19ms
12ms Other
text/css 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ri9kuwotliet3wfbgspsga2.css
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:18 GMT
content-encoding: gzip
x-azure-ref-originshield: 0UBJLZAAAAAB69BWKp7ikT6XlEW3tqosnRlJBMjMxMDUwNDE3MDIzADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: ChFamsxirG9fmBt4/kbQ4Q==
x-cache: TCP_HIT
content-length: 20004
x-ms-lease-status: unlocked
last-modified: Tue, 07 Mar 2023 21:22:34 GMT
etag: 0x8DB1F52117A5E28
x-azure-ref: 0c9FLZAAAAAAnm1BeVFGTTrUrfkxtySrKRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: d78012d0-501e-005a-0b18-6d5a55000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 ux.converged.login.strings-de.min_x0xs_1mykdhy9hzism5kza2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ 0
15 KB 26ms
19ms Other
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_x0xs_1mykdhy9hzism5kza2.js
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:18 GMT
content-encoding: gzip
x-azure-ref-originshield: 03RZLZAAAAAD0OyMi8/2qSb8aFH6VE+u2RlJBMjMxMDUwNDE3MDIxADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: XyZj0gbItnn6kRD2vExznA==
x-cache: TCP_HIT
content-length: 15482
x-ms-lease-status: unlocked
last-modified: Fri, 17 Mar 2023 00:54:28 GMT
etag: 0x8DB26822940F470
x-azure-ref: 0c9FLZAAAAACHZ5GasKcjT5G2mXybn78DRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6586eeda-d01e-0006-1d7f-6dcd7f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 convergedlogin_pfetchsessionsprogress_acf6fa8e3cf2ed1f4a24.js Show response
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ 15 KB
6 KB 32ms
32ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_acf6fa8e3cf2ed1f4a24.js
Requested by: Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c3262829ee080da4f3a9e8792a4a4dc6d83ff25e5112d582f9a469e86a3440a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
content-encoding: gzip
x-azure-ref-originshield: 0nRRLZAAAAACbiudbQyqsQLn2EJPo83V+RlJBMjMxMDUwNDE3MDE3ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: RiTl/DRDayD2iHRM6kSPAA==
x-cache: TCP_HIT
content-length: 5530
x-ms-lease-status: unlocked
last-modified: Tue, 28 Feb 2023 01:22:39 GMT
etag: 0x8DB192A480172EE
x-azure-ref: 0c9FLZAAAAACguPlX/dBTTLO+Bad070UyRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 0cf77e21-c01e-0023-286c-6ddb46000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ 3 KB
3 KB 31ms
31ms Image
image/gif 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
x-azure-ref-originshield: 0h7pIZAAAAADMOYHpFqLoRrtPSYVJXo7lRlJBMjMxMDUwNDE4MDE5ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: Fm3lNHEmUlOrOkVt7+baIw==
x-cache: TCP_HIT
content-length: 2672
x-ms-lease-status: unlocked
last-modified: Fri, 17 Jan 2020 19:28:37 GMT
etag: 0x8D79B83739984DD
x-azure-ref: 0c9FLZAAAAABtsEOEMtw3RYT7mVxzGXgJRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/gif
access-control-allow-origin: *
x-ms-request-id: 2b1ef330-801e-0073-01de-6fb875000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ 4 KB
4 KB 32ms
32ms Image
image/gif 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
x-azure-ref-originshield: 07gA/ZAAAAAC+HX0CpTcgQ4mQnZ57zckmRlJBMjMxMDUwNDE4MDI3ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: tUCo5RgDcZLjLE/li/Lbqw==
x-cache: TCP_HIT
content-length: 3620
x-ms-lease-status: unlocked
last-modified: Fri, 17 Jan 2020 19:28:38 GMT
etag: 0x8D79B8373B17F89
x-azure-ref: 0c9FLZAAAAAB/bbJs+EbAR7n/bMw1HnPoRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/gif
access-control-allow-origin: *
x-ms-request-id: d31b7287-c01e-005b-52ff-717157000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 illustration
aadcdn.msauthimages.net/dbd5a2dd-kh6b2cm7xa0ejaxl2iy9ivrsb9knmqllpeid-7smlgq/logintenantbranding/0/ 249 KB
249 KB 61ms
7ms Image
image/jpeg 2606:2800:233:3d10:442f:fac8:6d32:4c87
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauthimages.net/dbd5a2dd-kh6b2cm7xa0ejaxl2iy9ivrsb9knmqllpeid-7smlgq/logintenantbranding/0/illustration?ts=635982764772194095
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:3d10:442f:fac8:6d32:4c87 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CBA) /
Resource Hash: a514a635b29479ddbd619591d52cf8c95a80980763aefc62d34eeed34b63f1b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
last-modified: Sun, 08 May 2016 03:54:37 GMT
server: ECAcc (frc/4CBA)
content-md5: FqRypHHo+t7fKVmi0D5Lew==
age: 18422
etag: 0x8D376F47977F3E4
x-cache: HIT
content-type: image/jpeg
x-ms-request-id: e44de540-d01e-0063-31ae-79c67c000000
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
content-length: 254784

GET
H2 200 bannerlogo
aadcdn.msauthimages.net/dbd5a2dd-kh6b2cm7xa0ejaxl2iy9ivrsb9knmqllpeid-7smlgq/logintenantbranding/0/ 19 KB
19 KB 67ms
14ms Image
image/png 2606:2800:233:3d10:442f:fac8:6d32:4c87
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauthimages.net/dbd5a2dd-kh6b2cm7xa0ejaxl2iy9ivrsb9knmqllpeid-7smlgq/logintenantbranding/0/bannerlogo?ts=635982773009896622
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:3d10:442f:fac8:6d32:4c87 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CE7) /
Resource Hash: 27fe740a5e10fcdb3be7bb196e34f2c3cc501e0ee34ec9385ac6dcae93aef90c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
last-modified: Sun, 08 May 2016 04:08:22 GMT
server: ECAcc (frc/4CE7)
content-md5: xw32jSTgFf5Zc8uF3Lfirw==
age: 23001
etag: 0x8D376F6656D2087
x-cache: HIT
content-type: image/png
x-ms-request-id: eeccee59-201e-007d-4ba4-791c91000000
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
content-length: 19751

GET
H2 200 marching_ants_white_166de53471265253ab3a456defe6da23.gif
aadcdn.msauth.net/shared/1.0/content/images/ 3 KB
3 KB 21ms
21ms Image
image/gif 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
Requested by: Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
x-azure-ref-originshield: 0h7pIZAAAAADMOYHpFqLoRrtPSYVJXo7lRlJBMjMxMDUwNDE4MDE5ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: Fm3lNHEmUlOrOkVt7+baIw==
x-cache: TCP_HIT
content-length: 2672
x-ms-lease-status: unlocked
last-modified: Fri, 17 Jan 2020 19:28:37 GMT
etag: 0x8D79B83739984DD
x-azure-ref: 0c9FLZAAAAAAfR26ArXANQLQgU/RqQDpWRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/gif
access-control-allow-origin: *
x-ms-request-id: 2b1ef330-801e-0073-01de-6fb875000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
aadcdn.msauth.net/shared/1.0/content/images/ 4 KB
4 KB 21ms
20ms Image
image/gif 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
Requested by: Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
x-azure-ref-originshield: 07gA/ZAAAAAC+HX0CpTcgQ4mQnZ57zckmRlJBMjMxMDUwNDE4MDI3ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: tUCo5RgDcZLjLE/li/Lbqw==
x-cache: TCP_HIT
content-length: 3620
x-ms-lease-status: unlocked
last-modified: Fri, 17 Jan 2020 19:28:38 GMT
etag: 0x8D79B8373B17F89
x-azure-ref: 0c9FLZAAAAAB1WbwHvVO3R5ha/SNT9tzTRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/gif
access-control-allow-origin: *
x-ms-request-id: d31b7287-c01e-005b-52ff-717157000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H/1.1 401
Unauthorized ssoprobe
autologon.microsoftazuread-sso.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/winauth/ 12 B
1 KB 242ms
121ms Image
image/png 2603:1026:3000:c8::6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://autologon.microsoftazuread-sso.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/winauth/ssoprobe?client-request-id=9be075a0-753c-4182-88b2-dc30d09ae813&_=1682690419181

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1026:3000:c8::6 -, , ASN (),

Reverse DNS

Software

Resource Hash

d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Fri, 28 Apr 2023 14:00:18 GMT
X-Content-Type-Options: nosniff
WWW-Authenticate: Negotiate
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Length: 12
X-XSS-Protection: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/png; charset=utf-8
Access-Control-Allow-Origin: https://login.microsoftonline.com
x-ms-request-id: 41f1f09b-2014-4f8f-9a9c-c04673895c00
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server: 2.1.15175.9 - NCUS ProdSlices
Expires: -1

POST
H/1.1 200
OK dssostatus Show response
login.microsoftonline.com/common/instrumentation/ 265 B
1 KB 158ms
157ms XHR
application/json 40.126.31.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/common/instrumentation/dssostatus

Requested by

Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.126.31.67 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5cd2728aee23cab0cce4d2357e438442b8a3549f3ecc259bb04659aa020edfb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

hpgrequestid: eede1f15-8ec2-4bb4-be2b-92cf386a5b00
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
client-request-id: 9be075a0-753c-4182-88b2-dc30d09ae813
canary: PAQABAAEAAAD--DLA3VO7QrddgJg7Wevr9iKWPzx-jSKmfhacHiw2JdJ51CjAa_fRFGiUZ-Ooaatt8JnNvh3os2ne9z2omoU6VO22abS-2zAtLAa7bWAm6TLIqs7o-rp8uaYc7r1z1Ye_voVjKHb4KbbCmYy5Ns9AIyVyBK3jW7gkLZmoT8533W7SUk9aUGwTjHci6Aa_udvHIQrCc0JBS92uZza2FrnOcN4Iy6jChuM7XQKYJbvLnCAA
Content-type: application/json; charset=UTF-8
hpgid: 1104
Accept: application/json
Referer: https://login.microsoftonline.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/saml2?sso_reload=true
hpgact: 1900

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 28 Apr 2023 14:00:18 GMT
X-Content-Type-Options: nosniff
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
client-request-id: 9be075a0-753c-4182-88b2-dc30d09ae813
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Length: 265
X-XSS-Protection: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/
x-ms-request-id: 3b0b570d-e9fa-4340-9c3c-7ac96ec01e00
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server: 2.1.15256.7 - WUS2 ProdSlices
Expires: -1

GET
H2 200 convergedlogin_pstringcustomizationhelper_12d145c6db04e5f655d1.js Show response
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ 111 KB
35 KB 10ms
10ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_12d145c6db04e5f655d1.js
Requested by: Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_fDEeyPmTrJZRJANKd5wNrA2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 63208f374321428494b35beefbc5a80b325c319c3a5d71311879159ec52ea5e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
content-encoding: gzip
x-azure-ref-originshield: 0kJ9LZAAAAADpVsIFxdS3T6ZfdnfsMBJ2RlJBMjMxMDUwNDE3MDA5ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: UGdLnNjQ2ANqAZtcyoAOCg==
x-cache: TCP_HIT
content-length: 35822
x-ms-lease-status: unlocked
last-modified: Tue, 28 Feb 2023 01:22:40 GMT
etag: 0x8DB192A489F53AB
x-azure-ref: 0c9FLZAAAAADVsFC+lX7dQIkRZm1+TbIdRlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 8a12dbcb-701e-001c-121b-6d7348000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 signin-options_4e48046ce74f4b89d45037c90576bfac.svg
aadcdn.msauth.net/shared/1.0/content/images/ 2 KB
966 B 10ms
10ms Image
image/svg+xml 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 28 Apr 2023 14:00:19 GMT
content-encoding: gzip
x-azure-ref-originshield: 0VRVLZAAAAAADJtNmIaJPTLCgUbl/AmQuRlJBMjMxMDUwNDE4MDQ1ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: R2FAVxfpONfnQAuxVxXbHg==
x-cache: TCP_HIT
content-length: 621
x-ms-lease-status: unlocked
last-modified: Tue, 10 Nov 2020 03:41:24 GMT
etag: 0x8D8852A7FA6B761
x-azure-ref: 0c9FLZAAAAAC1+WAor1+pSLpL/cDviRJERlJBMzFFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: fca82710-501e-001e-410f-6d254c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ralilogin.ralichange.com
URL: https://ralilogin.ralichange.com/oauth2/default/v1/authorize?client_id=0oa4wv6aooY67tA7L697&scope=openid%20profile%20email%20offline_access&response_type=code&redirect_uri=https://cushmanwakefield.ralichange.com/api/auth/callback&state=ab2996f038ae91c52ea6097e11502a10

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-CGVJRDP677&gtm=45je34q0&_p=807250868&cid=1145002871.1682690416&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1682690415&sct=1&seg=0&dl=https%3A%2F%2Fcushmanwakefield.ralichange.com%2Flogin%3FreturnTo%3D%2F&dt=&en=user_engagement&ep.allowLinker=true&_et=1005

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cushmanwakefield.ralichange.com/	1969-12-31 23:59:59	Name: authFlowToken Value: eyJraWQiOiJTeWx2SmtUdERaTHNrNXBfRDc4aFBoTTlxVTN6RDJuYVN5cTRRaXhZU2pjIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULk5kVlBLUm9qbWtycmw5UEJQTmRDSFUwZzk0d3VYenU2eW9tOHF2RnlZQkEiLCJpc3MiOiJodHRwczovL3JhbGlsb2dpbi5va3RhLmNvbS9vYXV0aDIvYXVzM2VwZTM0eUtKQmlqazE2OTciLCJhdWQiOiJhcGk6Ly9yYWxpL2F1dGgiLCJpYXQiOjE2ODI2OTA0MTQsImV4cCI6MTY4MjY5MDcxNCwiY2lkIjoiMG9hM2VwZTMxdjIzaXVUVVE2OTciLCJzY3AiOlsib3JnX2luZm8iXSwic3ViIjoiMG9hM2VwZTMxdjIzaXVUVVE2OTcifQ.mqo8KXltntAvzlL9vzJEr2DKUzZMI7p1bqFBoLsD4gO9jJwH6VScBfUPc0WS7K9htzvucirSEvV06ywfwJM21zF_HLK-lle8mgYUp8vhIVnH2wq24PcezNPgFGMwlli8S0I2D8QldxEMMU1vLTikabK8Rwpx8j37nBtViW5hPZ_M4ZqsUfE_q9svfmfZLZvXzkA9pyxuKhNizvUoviKEBEgy0oMgNm2NTzDEfdngWJxkG2-Abk6mr55mLalnBY_8FIDIZBwif-LIr0cVgi7_8OcMrOzYYAKYfG9y91gHuNHNE0dvnVHazpucoBUH023acKiabzPtwX2J3GuwujwS9Q
.ralichange.com/	1970-01-20 21:00:50	Name: _ga Value: GA1.1.1145002871.1682690416
ralilogin.ralichange.com/	1969-12-31 23:59:59	Name: t Value: default
ralilogin.ralichange.com/	1970-01-20 21:00:50	Name: DT Value: DI1gVhljrFUTGyt3-ewYFTreA
.ralichange.com/	1970-01-20 21:00:50	Name: _ga_CGVJRDP677 Value: GS1.1.1682690415.1.0.1682690416.0.0.0
ralilogin.ralichange.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 65D3AA96724CABCA268FAF6D0391AE7B
login.microsoftonline.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
login.microsoftonline.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login.microsoftonline.com/	1970-01-20 11:24:50	Name: SSOCOOKIEPULLED Value: 1
login.microsoftonline.com/	1970-01-20 12:08:02	Name: buid Value: 0.AQMAjhfFRvSgTU-MQJWY49EYYDKDJw_j0opFk06zwtzrW4kDAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevruScBFTpjmnYQJb_C1BD6a4n-ncNMQEtHJMekDF6V_B4dVcbg4FmasTqEx5wAPWzfT7WxchwTW2ccc2Ae_urE3rWl3GNheEqPkjcrMRtVT-kgAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: esctx Value: PAQABAAEAAAD--DLA3VO7QrddgJg7Wevr_cfRs4ufnshq0TtADo73V1z6EhqJAXGUuKUlPAr_8MKoMnFAzD-lDMY9nRMu0qfIdWTMfWxeg7_PiuiZIuKkIO9Dc13y9INt-jrYsniUp--cJAFH7k1OvYDcauAn-FsRBab_wsOpBxG8FV3qB6rD4dlhS4V0ko-IkwThnN2BxMZMNNTgfsEr9CHO1fUH2D5Nb3HipM4UxVHRiVtIWqGTTIBGaCKxe3pwZNCdeNRWrzYgAA
login.microsoftonline.com/	1970-01-20 12:08:02	Name: fpc Value: AoPlH1KkoM5KuRfm2BJHz4FTWjxlAQAAAHLI3dsOAAAA
.login.microsoftonline.com/	1970-01-20 20:46:26	Name: brcap Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://autologon.microsoftazuread-sso.com/46c5178e-a0f4-4f4d-8c40-9598e3d11860/winauth/ssoprobe?client-request-id=9be075a0-753c-4182-88b2-dc30d09ae813&_=1682690419181 Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msauthimages.net
autologon.microsoftazuread-sso.com
cushmanwakefield.ralichange.com
fonts.googleapis.com
fonts.gstatic.com
login.live.com
login.microsoftonline.com
login.okta.com
ok14static.oktacdn.com
ralilogin.ralichange.com
region1.google-analytics.com
static.filestackapi.com
www.googletagmanager.com
ralilogin.ralichange.com
region1.google-analytics.com
108.138.7.85
151.101.194.133
18.66.97.55
2001:4860:4802:34::36
2603:1026:3000:150::8
2603:1026:3000:c8::6
2606:2800:233:3d10:442f:fac8:6d32:4c87
2606:4700:3034::ac43:d8fb
2620:1ec:4f:1::45
2a00:1450:4001:809::200a
2a00:1450:4001:811::2008
2a00:1450:4001:82a::2003
40.126.31.67
18861be2fa18954447e13658377fedc68e70de3a0cd5e110cb76f7c54ea727bf
1fe59a93a6c3a10ea386f143184adb90d8d32fbd6566c8e0c3e24fed7a3effd7
27fe740a5e10fcdb3be7bb196e34f2c3cc501e0ee34ec9385ac6dcae93aef90c
362334ea318c3797894fe20715a4aa04d56c94ca0853ceeb0898dca803c3d159
38f8eb122e4cd7106a24918dba446a8a803acecc0bc915572ed4b68f335d1550
3ba13ba24e042794e9f5d55e2032aec59b7896bf64d0d125ffc4742834981828
4146f4c2384967dede1db1dae2da81c246d3d50228056bc0bb842e2ae868e13a
4390e30516e175ad6171269609912faceafd137d151e685176fb3e4c854504e0
43e51f129fb6eb0f52aee5fb4857f14796f9a5b38e66f445658db1ac1fb7298e
5c3262829ee080da4f3a9e8792a4a4dc6d83ff25e5112d582f9a469e86a3440a
5cd2728aee23cab0cce4d2357e438442b8a3549f3ecc259bb04659aa020edfb3
63208f374321428494b35beefbc5a80b325c319c3a5d71311879159ec52ea5e8
67769a6666da049160418b9bc23f1b5ef80b8e64f31adfeae07609c1323a8df4
684b00f00affae290934eecbe42eb5eda60e464ad42f84fcfbeacc44ea94e058
6f5a6ad3056923c951d5d780c93730c571527c6f43c4c84cbf57edd88b2b9a0a
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
77a8fc4f01974c1ec66a53686376ce4fb77eed83cfaecac491e4d8e8003c50dc
80af793cc81562d336256b2b974b492450369f357e20d05fdad1a3606a519fd2
8133428e6c2b08966871aaf6c1b48b35f31c5af533f6c6135c95f25752118d81
84a46eec67d4e3cac946756f684e3788c8ed426e8c35bbc8a4e5bb77b9582a48
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
87f1ea01f64fcd488a91b1116c9a332ae3fe850ef410f095c3ab1d43797395d0
8a55f784354c6b55227f1fcc0756112be303ab6ce9afafe7bdc331d06de8c710
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
9088ba84bd8facb1ae216959655256308143f85f3608acb93880347b60f9a620
950911eb66960dba1cf76c150c2046d5c48ce47ac854756b23f550b2aaf9b2f6
9719a1cd5690a76745779b4e3376184147d00c8f615d9cb349006b85edbd28a5
9d75be9fa71d9de02417f044d50b1264dc564d453ee20efc7faa9d819a8ffdfb
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
a514a635b29479ddbd619591d52cf8c95a80980763aefc62d34eeed34b63f1b4
a91acef119f0490ffababa3352b6e66f746572b21ffdd712e53517b9882bb275
abb2dcf4188752f51056ab7ca7637ca385ee1e412710dc57b58397da045f8167
af9e0ea5cb6a750c1bb914ab4b7fadaeeaabb2812d25eb23b3250d9013e579ba
baeccb9dd2d08276d39e9a056b3769ca0d3f7780e66b45e939eca65729d68a98
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
db69348f1f4d0308cc31261cd6999c9cc17745c93880d56bdd0f191fd7fc303f
dcc89f32e3f978bd4c2e313916b6267abd287eea87daec0e5c049150fd9062aa
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
e02e63a164d1a043b7126c16bf1bf9389510c5d2eb7eae9956aa0526cc47713d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
f303bf389abed9e7bf13779b5c5676aded945d7020e928f6aa3cbb21aabacab7
f5d6a6e7d3648b0830cf9de5ef59d2167e2536885e4174b6ff8af73f6dd80978

login.microsoftonline.com Open in urlscan Pro 40.126.31.67 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

55 Requests

96 %HTTPS

69 %IPv6

13 Domains

14 Subdomains

14 IPs

3 Countries

2273 kBTransfer

6089 kBSize

14 Cookies

3 Outgoing links

Page URL History

Redirected requests

55 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

login.microsoftonline.com Open in urlscan Pro
40.126.31.67 Public Scan

Screenshot
Live screenshot

Full Image

55
Requests

96 %
HTTPS

69 %
IPv6

13
Domains

14
Subdomains

14
IPs

3
Countries

2273 kB
Transfer

6089 kB
Size

14
Cookies

55 HTTP transactions
0 data transactions