Submitted URL: https://phishedacademy.io/auth/saml2/9b180b79-697e-4cab-9af1-3ab489a9b28f/logout
Effective URL: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3...
Submission: On January 15 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 2603:1026:3000:150::6, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 11.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on November 23rd 2023. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2603:1026:300... 8075 (MICROSOFT...)
6 2606:2800:233... 15133 (EDGECAST)
7 2
Apex Domain | Subdomains | Transfer
6 msftauth.net | aadcdn.msftauth.net — Cisco Umbrella Rank: 943 | 124 KB
1 microsoftonline.com | login.microsoftonline.com — Cisco Umbrella Rank: 11 | 14 KB
1 phishedacademy.io | phishedacademy.io | 987 B
7 3
Domain Requested by
6 aadcdn.msftauth.net login.microsoftonline.com
1 login.microsoftonline.com
1 phishedacademy.io 1 redirects
7 3

This site contains no links.

Subject | Issuer | Validity | Valid
stamp2.login.microsoftonline.com | DigiCert SHA2 Secure Server CA | 2023-11-23 - 2024-11-23 | a year
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2023-12-01 - 2024-12-01 | a year

This page contains 1 frames:

Primary Page: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Frame ID: 709E221DC2D4E4ACAD8FF90EEFA10ABC
Requests: 7 HTTP requests in this frame

Page Title

Abmelden

Page URL History

  1. https://phishedacademy.io/auth/saml2/9b180b79-697e-4cab-9af1-3ab489a9b28f/logout HTTP 302
    https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9m... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7 Requests
100 % HTTPS
100 % IPv6
3 Domains
3 Subdomains
2 IPs
2 Countries
138 kB Transfer
456 kB Size
12 Cookies

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request saml2
login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/
Redirect Chain
  • https://phishedacademy.io/auth/saml2/9b180b79-697e-4cab-9af1-3ab489a9b28f/logout
  • https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJ...
33 KB
14 KB
Document
General
Full URL
https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1026:3000:150::6 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cade17716b8949d41db710ec195ec32e3cae4d6118f36c4403ea304748771dcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
11965
Content-Type
text/html; charset=utf-8
Date
Mon, 15 Jan 2024 01:09:04 GMT
Expires
-1
Link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
on
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.17097.4 - AUELR2 ProdSlices
x-ms-request-id
f384fa2a-342e-459b-867a-15c8e0fa4200

Redirect headers

cache-control
no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
845a3b2e9eab5c80-FRA
content-type
text/html; charset=UTF-8
date
Mon, 15 Jan 2024 01:09:04 GMT
location
https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-cloud-trace-context
6be6bba73c17f9f9ff58abdeedefcd8a
converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
109 KB
20 KB
Stylesheet
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C95) /
Resource Hash
5e47dd51ca94efccd58f4a7dc95a51744493292586fbe031e78f72508f0f4f89

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Jan 2024 01:09:05 GMT
content-encoding
gzip
content-md5
cclsNwaya3AD0ci2cGBnrw==
age
5016653
x-cache
HIT
content-length
20226
x-ms-lease-status
unlocked
last-modified
Fri, 17 Nov 2023 00:22:21 GMT
server
ECAcc (frc/4C95)
etag
0x8DBE70343D336EF
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
b14df825-501e-0096-20af-19475d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
117 KB
40 KB
Script
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/jquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CEF) /
Resource Hash
df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Jan 2024 01:09:05 GMT
content-encoding
gzip
content-md5
HWW92uTq7vx3y5z+zFZbXQ==
age
26975704
x-cache
HIT
content-length
40454
x-ms-lease-status
unlocked
last-modified
Fri, 26 Feb 2021 06:13:19 GMT
server
ECAcc (frc/4CEF)
etag
0x8D8DA1D9D23143A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
fa3a47ff-701e-0073-26f7-51103e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
179 KB
44 KB
Script
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/aad.login.min_vmmoyj1-4wcgq_4ljx53-q2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4D07) /
Resource Hash
87e738d94f83503f243a4544d7c78a6dadd01c261a6a58fa5085715652029ab9

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Jan 2024 01:09:05 GMT
content-encoding
gzip
content-md5
gkCQOa5xTExKUB2dlzn2rA==
age
7985952
x-cache
HIT
content-length
44809
x-ms-lease-status
unlocked
last-modified
Thu, 12 Oct 2023 21:22:25 GMT
server
ECAcc (frc/4D07)
etag
0x8DBCB6954BD7E87
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7fc34a33-501e-0096-76ad-fe475d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png
aadcdn.msftauth.net/shared/1.0/content/images/
1 KB
1 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C95) /
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Jan 2024 01:09:05 GMT
content-md5
7ZyesNzhfXUr7eprWs2m2Q==
age
19785614
x-cache
HIT
content-length
1057
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
server
ECAcc (frc/4C95)
etag
0x8DB5C3F494E35F8
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
62296123-801e-006a-705c-937634000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
2-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/
987 B
1 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4D02) /
Resource Hash
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Jan 2024 01:09:05 GMT
content-md5
5YqvyYBhSpzXeWvqe16o8A==
age
19661365
x-cache
HIT
content-length
987
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:43 GMT
server
ECAcc (frc/4D02)
etag
0x8DB5C3F46500358
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
869c71bd-a01e-003b-3d7d-94cbb3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
2_6ffe0a92d779c878835b40171ffc2e13.jpg
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/
17 KB
17 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_6ffe0a92d779c878835b40171ffc2e13.jpg
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/8ac042ce-7dac-43d9-9ff0-52af760ddb36/saml2?SAMLRequest=jZJBa9wwEIXv%2BRXBd9myVmtbYnehsG1Z2G6gKT3kUsbSKCuwpa01Js2%2Fr9dOSsghVDc9zfv0ZqRNgr676GN8jCN9x98jJrq5ndafvgtJz6fbbByCjpB80gF6TJqMvv%2F07ahFzvVliBRN7LJ3to9dkBIO5GNYbIf9Nrs7fT7efT2cfimoTQNK1AZsJdHIUpQWKoECuVw5ZdYOG1naxfoThzRxttmEfYGlNOIhJIJAk8yFZLxk5foHLzVXmsuHpW4%2F9eoD0Ow%2BE12SLoouPvqQ994MMUVHMXQ%2BYG5iXzRguBQGWW3BMLmyiinnOFsLcHXFrW1XVXHtXGS7mb%2B5bvScZti98i9nn844EcBi%2F5z7WMBI58VXqLZseFsrVqkamTTQMgWuZCtoZaNAtaJxRY8EFgg2xVv%2BmxtP07QP%2B9svceiBPn6Gq%2BItc3OpxkCenrN%2FWROl%2FMkHG59SHpD%2BbwIvsZYQS6ybRXv3zXZ%2FAQ%3D%3D&RelayState=https%3A%2F%2Fphishedacademy.io%3A8080%2Fauth%2Fsaml2%2F9b180b79-697e-4cab-9af1-3ab489a9b28f%2Flogout
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CF4) /
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Jan 2024 01:09:05 GMT
content-md5
eRaolOvefSnCzCmyZ/Epnw==
age
19661365
x-cache
HIT
content-length
17453
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:43 GMT
server
ECAcc (frc/4CF4)
etag
0x8DB5C3F46686B4E
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
9f264b67-001e-002c-1f7d-946c57000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B function| $ function| jQuery object| MSLogin object| proxy object| ErrorCodes object| Constants object| Context object| Background object| Logo object| Instrument object| User object| tenant_info object| MSLogout object| ThirdPartyCookieStates object| PostType object| LoginOption object| TenantBranding object| users object| Tiles object| $Api object| EmailDiscovery object| Support object| Post object| StrongAuthCheck object| Util object| WindowsBrowserSso function| SetImageStatus function| ImageTimeout function| IframeTimeout function| SignoutFormTimeout function| MsaTimeout function| CreateChromeProviderAsync function| WebNativeBridgeSignout function| TryCompleteSignout function| CompleteSignout function| CompleteSignoutRender function| RenderSignoutSuccess function| RenderSignoutFailure function| WriteSignoutFailedCookie function| InitiatorRedirect object| imageStatusArray boolean| imageStatusTimeout object| updatedUsers object| MsaSignoutStatus number| msaSignoutStatus object| msaSignoutTimerId boolean| iframeStatusTimeout boolean| webNativeBridgeSignoutComplete boolean| webNativeBrideSignout

12 Cookies

Domain/Path Name / Value
phishedacademy.io/ Name: GAESA
.login.microsoftonline.com/ Name: SignInStateCookie
login.microsoftonline.com/ Name: ESTSSSOTILES Value: 1
login.microsoftonline.com/ Name: AADSSOTILES Value: 1
.login.microsoftonline.com/ Name: ESTSAUTHPERSISTENT
.login.microsoftonline.com/ Name: ESTSAUTH
login.microsoftonline.com/ Name: ESTSAUTHLIGHT Value: +
login.microsoftonline.com/ Name: buid
login.microsoftonline.com/ Name: fpc
.login.microsoftonline.com/ Name: esctx
login.microsoftonline.com/ Name: x-ms-gateway-slice Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie Value: estsfd

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0