urlscan.io logo urlscan.io
SecurityTrails logo

login.microsoftonline.com Open in urlscan Pro
2603:1026:3000:d0::9  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQUtQV01LTFdNQUdNWDJ3cTFualBQSmJOamdSQURXND0iLCJocmVmIjoiaHR0cHM6...
Effective URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
Submission: On December 12 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 5 countries across 9 domains to perform 31 HTTP transactions. The main IP is 2603:1026:3000:d0::9, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 16.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on November 28th 2023. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.222.130.34 16509 (AMAZON-02)
5 18.64.103.83 16509 (AMAZON-02)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.64.165.248 16625 (AKAMAI-AS)
1 65.9.25.12 16509 (AMAZON-02)
3 2603:1026:300... 8075 (MICROSOFT...)
13 2606:2800:233... 15133 (EDGECAST)
1 40.126.32.68 8075 (MICROSOFT...)
2 2620:1ec:46::45 8075 (MICROSOFT...)
1 2603:1026:300... 8075 (MICROSOFT...)
2 52.182.143.208 8075 (MICROSOFT...)
31 11
1    52.222.130.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-130-34.fco50.r.cloudfront.net
click1.workhuman.com
5    18.64.103.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-103-83.txl50.r.cloudfront.net
cloud.workhuman.com
1    2a02:26f0:7100:2ab::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.optimizely.com
1    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    104.64.165.248 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-165-248.deploy.static.akamaitechnologies.com
a15928870500.cdn.optimizely.com
1    65.9.25.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-25-12.zag50.r.cloudfront.net
idp.workhuman.com
3    2603:1026:3000:d0::9 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com
13    2606:2800:233:78b9:f44e:2c1f:31aa:d9ef (United States)

ASN15133 (EDGECAST, US)
aadcdn.msftauth.net
1    40.126.32.68 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com
2    2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
aadcdn.msftauthimages.net
1    2603:1026:3000:148::7 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
autologon.microsoftazuread-sso.com
2    52.182.143.208 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com
Apex Domain
Subdomains		 Transfer
13 msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 974
349 KB
7 workhuman.com
click1.workhuman.com — Cisco Umbrella Rank: 129191
cloud.workhuman.com — Cisco Umbrella Rank: 32684
idp.workhuman.com — Cisco Umbrella Rank: 63197
1 MB
3 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 16
28 KB
2 microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 146
766 B
2 msftauthimages.net
aadcdn.msftauthimages.net — Cisco Umbrella Rank: 3507
255 KB
2 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 774
a15928870500.cdn.optimizely.com — Cisco Umbrella Rank: 65265
96 KB
1 microsoftazuread-sso.com
autologon.microsoftazuread-sso.com — Cisco Umbrella Rank: 1376
1 KB
1 live.com
login.live.com — Cisco Umbrella Rank: 80
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
31 9
Domain Requested by
13 aadcdn.msftauth.net login.microsoftonline.com
aadcdn.msftauth.net
5 cloud.workhuman.com cloud.workhuman.com
3 login.microsoftonline.com aadcdn.msftauth.net
2 browser.events.data.microsoft.com aadcdn.msftauth.net
2 aadcdn.msftauthimages.net
1 autologon.microsoftazuread-sso.com
1 login.live.com login.microsoftonline.com
1 idp.workhuman.com
1 a15928870500.cdn.optimizely.com cdn.optimizely.com
1 fonts.googleapis.com cloud.workhuman.com
1 cdn.optimizely.com cloud.workhuman.com
1 click1.workhuman.com 1 redirects
31 12

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
*.workhuman.com
Amazon RSA 2048 M02		 2023-01-27 -
2024-02-25		 a year crt.sh
cdn.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-09-01 -
2024-09-04		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.cdn.optimizely.com
GeoTrust RSA CA 2018		 2023-02-26 -
2024-02-28		 a year crt.sh
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA		 2023-11-28 -
2024-11-28		 a year crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2023-12-01 -
2024-12-01		 a year crt.sh
login.live.com
DigiCert SHA2 Secure Server CA		 2023-11-11 -
2024-11-11		 a year crt.sh
aadcdn.msftauthimages.net
Microsoft Azure RSA TLS Issuing CA 03		 2023-11-25 -
2024-11-19		 a year crt.sh
autologon.microsoftazuread-sso.com
DigiCert SHA2 Secure Server CA		 2023-11-11 -
2024-11-11		 a year crt.sh
*.events.data.microsoft.com
Microsoft Azure RSA TLS Issuing CA 03		 2023-10-02 -
2024-09-26		 a year crt.sh

This page contains 2 frames:

Primary Page: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
Frame ID: 77EA62B94AF485BD99956D200EA13162
Requests: 29 HTTP requests in this frame

Frame: https://a15928870500.cdn.optimizely.com/client_storage/a15928870500.html
Frame ID: 30C1EFF73121CB1F099AE4D6D0993BE4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bei Ihrem Konto anmelden

Page URL History Show full URLs

  1. https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQUtQV01LTFdNQUdNWDJ3cTFualBQSmJOamdSQURXND0i... HTTP 302
    https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Camp... Page URL
  2. https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=sabre&targetUrl=%2Fstore%2F%3F... Page URL
  3. https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://sts.windows.net/03ceccf2-fe27-4c66-abd... Page URL
  4. https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2 Page URL
  5. https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

31
Requests

100 %
HTTPS

50 %
IPv6

9
Domains

12
Subdomains

11
IPs

5
Countries

1946 kB
Transfer

3054 kB
Size

23
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQUtQV01LTFdNQUdNWDJ3cTFualBQSmJOamdSQURXND0iLCJocmVmIjoiaHR0cHM6Ly9jbG91ZC53b3JraHVtYW4uY29tL3N0b3JlLz91dG1fc291cmNlPWNpb1x1MDAyNnV0bV9tZWRpdW09ZW1haWxcdTAwMjZ1dG1fY2FtcGFpZ249RGVjZW1iZXJfUmVkZW1wdGlvbl9DYW1wYWlnbl9SRUQyMy0wMTVcdTAwMjZ1dG1fY29udGVudD0xMjIzX3JyX1VTX2F3YXJkX19idG4yIyFzYWJyZS9jb2xsZWN0aW9ucy9sYXN0X21pbnV0ZV9naWZ0X2NhcmRzX2RlYzIzX3VzYSIsImludGVybmFsIjoiZjNiNDA2MWFjMjg4MDFhM2Q2MzAiLCJsaW5rX2lkIjozNjJ9/e018fe9980476a0c4d836bb10749358cc28383fc02a58abe0710f0b462ab799d HTTP 302
    https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2 Page URL
  2. https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=sabre&targetUrl=%2Fstore%2F%3Futm_source%3Dcio%26utm_medium%3Demail%26utm_campaign%3DDecember_Redemption_Campaign_RED23-015%26utm_content%3D1223_rr_US_award__btn2%23%2Fsabre%2Fcollections%2Flast_minute_gift_cards_dec23_usa Page URL
  3. https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://sts.windows.net/03ceccf2-fe27-4c66-abdb-699141848e61/&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dsabre Page URL
  4. https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2 Page URL
  5. https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQUtQV01LTFdNQUdNWDJ3cTFualBQSmJOamdSQURXND0iLCJocmVmIjoiaHR0cHM6Ly9jbG91ZC53b3JraHVtYW4uY29tL3N0b3JlLz91dG1fc291cmNlPWNpb1x1MDAyNnV0bV9tZWRpdW09ZW1haWxcdTAwMjZ1dG1fY2FtcGFpZ249RGVjZW1iZXJfUmVkZW1wdGlvbl9DYW1wYWlnbl9SRUQyMy0wMTVcdTAwMjZ1dG1fY29udGVudD0xMjIzX3JyX1VTX2F3YXJkX19idG4yIyFzYWJyZS9jb2xsZWN0aW9ucy9sYXN0X21pbnV0ZV9naWZ0X2NhcmRzX2RlYzIzX3VzYSIsImludGVybmFsIjoiZjNiNDA2MWFjMjg4MDFhM2Q2MzAiLCJsaW5rX2lkIjozNjJ9/e018fe9980476a0c4d836bb10749358cc28383fc02a58abe0710f0b462ab799d HTTP 302
  • https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2

31 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
cloud.workhuman.com/store/
Redirect Chain
  • https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQUtQV01LTFdNQUdNWDJ3cTFualBQSmJOamdSQURXND0iLCJocmVmIjoiaHR0cHM6Ly9jbG91ZC53b3JraHVtYW4uY29tL3N0b3JlLz91dG1fc291cmNlPWNpb1x1MDAyNnV0bV9t...
  • https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
5 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.103.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-103-83.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1253297f76cd82eafe89b7980077ea31514ce6c8539bb0a5408618f90f15f31b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
5363
content-type
text/html
date
Tue, 12 Dec 2023 20:10:27 GMT
etag
"7cf7c8c812b5be18310b2cebd88c72a1"
last-modified
Thu, 07 Dec 2023 09:21:14 GMT
server
AmazonS3
via
1.1 b66d2d4cfb46d641d455e6640c25f566.cloudfront.net (CloudFront)
x-amz-cf-id
hkkMbDhX0hSmIQJigd6hwF8xLPX8r7j1QObiuZsYmdECVC4744ICLQ==
x-amz-cf-pop
TXL50-P3
x-amz-id-2
s6E3LBs+orsSaLMcFfZfda8bAMbW2h0p02pCxwxiORgGVL9GSzj/QxJ+enta2zXCE/yDNphZWujTanWd407kv4KqyfZ0ZMFE2n8ptN2yxWk=
x-amz-request-id
QY80WV6QE65XXGKX
x-amz-server-side-encryption
AES256
x-amz-version-id
CybxELkkLaBpktMwD.8XwJppqB16iOt9
x-cache
RefreshHit from cloudfront

Redirect headers

access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
0
date
Tue, 12 Dec 2023 20:10:25 GMT
location
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2#!sabre/collections/last_minute_gift_cards_dec23_usa
via
1.1 google, 1.1 4721c8ecd5a0de95e3a7a2b87714eb68.cloudfront.net (CloudFront)
x-amz-cf-id
bpRIH_GAkQVGUGuXlJzKevkKqemf8RRzmrco1hZx2obASUC5stIybg==
x-amz-cf-pop
FCO50-C2
x-cache
Miss from cloudfront
16969570298.js
cdn.optimizely.com/js/ 		318 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/16969570298.js
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:2ab::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d75e8c8bb95f23027038b0e6a521a43012dd98abe3c5dede8b7597bee8c34433
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.workhuman.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
FqZBzNgQDcwiXn1jnHfzCjPOMbAdAvLl
content-encoding
gzip
date
Tue, 12 Dec 2023 20:10:26 GMT
strict-transport-security
max-age=15768000
x-amz-request-id
JY2EDCSTX6ETYCGF
x-amz-server-side-encryption
AES256
x-amz-meta-revision
6202
x-amz-replication-status
PENDING
server-timing
cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, cdn;desc="AkamaiION";dur=0,rtt;desc="17";dur=0,cdnip;desc="2a02:26f0:7100:2ab::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="1702411826721_1753097333_307405097_1271_2730_17_21_146";dur=1
content-length
96280
x-amz-id-2
UsPVIeaVIiNt/adZ+wW8d6tlyzWLxsUyfYwiBywRUuRRELDIWt16w1KE5ldwzAqUHP7mDCbhIIM=
last-modified
Mon, 27 Nov 2023 14:43:19 GMT
server
AmazonS3
etag
"eb0a5f56ab2397ea16dba1fa87eaa192"
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
main.63d67440.js
cloud.workhuman.com/store/static/js/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/static/js/main.63d67440.js
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.103.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-103-83.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4790fd66784c7e6e05c24b31b750ee3b805297fc1ed829690fa22f01f5e62942

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
BjOjfZsiXJbIvkXOboSRWykhNb.a7HyI
date
Tue, 12 Dec 2023 20:10:28 GMT
via
1.1 b66d2d4cfb46d641d455e6640c25f566.cloudfront.net (CloudFront)
last-modified
Thu, 07 Dec 2023 09:21:15 GMT
server
AmazonS3
x-amz-request-id
28MZ8NB6JD8DQPSJ
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
etag
"f5bf2ef403c2bed55479475860a20b4b"
x-cache
RefreshHit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
1066936
x-amz-id-2
TxVE/A8/RphwNzvPeNEi1DuhSS5SPzJjvO3tz0/oFvE/jZ9P39ZADviCdeU1XCFis6ZWphkMbHo=
x-amz-cf-id
gmR-7aFzbSdhTnk3cKtCc_vQ2aJrGpytlCUE6cbP0Isva2Etzan5Yg==
main.fc6fa448.css
cloud.workhuman.com/store/static/css/ 		160 KB
160 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/store/static/css/main.fc6fa448.css
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.103.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-103-83.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19623494bd70f540e306c33670e578c0e55d8d0310df969cd81492e6fb4bf7a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
.HX7m5tFv.tHR4xsEWSoF_ucS7at8CVW
date
Tue, 12 Dec 2023 20:10:28 GMT
via
1.1 b66d2d4cfb46d641d455e6640c25f566.cloudfront.net (CloudFront)
last-modified
Thu, 07 Dec 2023 09:21:14 GMT
server
AmazonS3
x-amz-request-id
Z79028WRM1KZY13N
x-amz-cf-pop
TXL50-P3
x-amz-server-side-encryption
AES256
etag
"fc96514cf2058a7b2360b0e737dd6e20"
x-cache
RefreshHit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
163668
x-amz-id-2
SwOq+l20Jply+dHXByfeYmOVzvuuZbF0xyDKPPyf8yu+xtlWNYEQ2dSxfVdqKdsJgyyHdSFZitg=
x-amz-cf-id
dyikM77K29BHFqTUjYHtDAeHehKpwoJfwRU7xZh3Vg1KNQVDLiRgxg==
css2
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;700&family=Roboto:wght@400;700&display=swap
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ac8bc924f3f8e41e2babc5338c71f942d91d34022a2fa9f52be2d005d9e71a79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cloud.workhuman.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Dec 2023 20:10:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 12 Dec 2023 19:58:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Dec 2023 20:10:26 GMT
a15928870500.html
a15928870500.cdn.optimizely.com/client_storage/ Frame 30C1 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a15928870500.cdn.optimizely.com/client_storage/a15928870500.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/16969570298.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.64.165.248 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-64-165-248.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
206056a71d0ef1a931b43df38de242dace4bcdc920b9e49d0820da873de7cfbc
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://cloud.workhuman.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=120
content-encoding
gzip
content-length
888
content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 20:10:27 GMT
etag
"4ff043edc9e36f882e39fb865a988160"
last-modified
Tue, 12 Dec 2023 20:09:08 GMT
server
AmazonS3
server-timing
cdn-cache; desc=HIT edge; dur=1 cdn;desc="AkamaiION";dur=0,rtt;desc="26";dur=0,cdnip;desc="104.64.165.248";dur=0,cdnmap;desc="a4343.a.akamaiedge.net";dur=0,proto;desc="h2";dur=0 ak_p; desc="1702411827332_399797861_474021621_39_1921_26_32_255";dur=1
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,2
x-amz-id-2
3uzIIPoQ3TnFH4Nr+Hr+XBRf399+YD/sdOYq0Y0Mks3NOXiooo0gRmoEoYgBs5DLfiNNbGBya+4=
x-amz-meta-pci_enabled
False
x-amz-replication-status
PENDING
x-amz-request-id
HDXP8CSZW0ZA5Z0M
x-amz-server-side-encryption
AES256
x-amz-version-id
oK4w19c1SPq0ketOH23FwYH8zvtk.SUG
userSessionAuthToken
cloud.workhuman.com/microsites/login/ 		91 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/microsites/login/userSessionAuthToken
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/static/js/main.63d67440.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.103.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-103-83.txl50.r.cloudfront.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Dec 2023 20:10:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
via
1.1 b66d2d4cfb46d641d455e6640c25f566.cloudfront.net (CloudFront)
server
Apache
x-amz-cf-pop
TXL50-P3
x-cache
Error from cloudfront
content-type
application/json;charset=utf-8
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-id
zeGZBKkXX3xDlxLXAwC-S3G3NezQ-xRuomiVRvdKceqr8D5nfdn6fA==
content-length
91
x-xss-protection
1; mode=block
expires
Sat, 6 May 1995 12:00:00 GMT
forwardToInternalApp
cloud.workhuman.com/microsites/t/apps/ 		624 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=sabre&targetUrl=%2Fstore%2F%3Futm_source%3Dcio%26utm_medium%3Demail%26utm_campaign%3DDecember_Redemption_Campaign_RED23-015%26utm_content%3D1223_rr_US_award__btn2%23%2Fsabre%2Fcollections%2Flast_minute_gift_cards_dec23_usa
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/static/js/main.63d67440.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.103.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-103-83.txl50.r.cloudfront.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=December_Redemption_Campaign_RED23-015&utm_content=1223_rr_US_award__btn2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
624
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
content-type
text/html;charset=ISO-8859-1
date
Tue, 12 Dec 2023 20:10:27 GMT
expires
01 Apr 1995 01:10:10 GMT
pragma
no-cache
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 b66d2d4cfb46d641d455e6640c25f566.cloudfront.net (CloudFront)
x-amz-cf-id
4653J-xZiMmkt72CEa-S_NIVNI9DxEoKLHEAYjvrH8NO5UuXLoIhEg==
x-amz-cf-pop
TXL50-P3
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
startSSO.ping
idp.workhuman.com/sp/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://sts.windows.net/03ceccf2-fe27-4c66-abdb-699141848e61/&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dsabre
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.25.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-25-12.zag50.r.cloudfront.net
Software
/
Resource Hash
e0867548fc9f9fb45da16850884005c130452bdf8097bc6dfe6617893fd32f5c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://cloud.workhuman.com
Referer
https://cloud.workhuman.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
content-length
1356
content-type
text/html;charset=utf-8
date
Tue, 12 Dec 2023 20:10:28 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
referrer-policy
origin
via
1.1 124f1c96be6ce1b7012fa9b6449f2ac6.cloudfront.net (CloudFront)
x-amz-cf-id
_xZN298ErGYTqSQd_dLNqvNialXZ7sfHAwhBCkQuEHgOB_69PvhtrQ==
x-amz-cf-pop
ZAG50-C1
x-cache
Miss from cloudfront
x-frame-options
SAMEORIGIN
saml2
login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/ 		20 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1026:3000:d0::9 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3cf0761c1e9648f0e4eb5f0bd631a50760c68b44051ac842f15d471a5b7a483e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://idp.workhuman.com
Referer
https://idp.workhuman.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
9074
Content-Type
text/html; charset=utf-8
Date
Tue, 12 Dec 2023 20:10:27 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.16919.4 - WUS3 ProdSlices
x-ms-request-id
31081e75-aa8a-4c92-9511-10d90a163300
BssoInterrupt_Core_G8nbIKerNCoHF1cUBcOz7w2.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		136 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_G8nbIKerNCoHF1cUBcOz7w2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B2) /
Resource Hash
0ea7628423c80e4e8d0791f57aa8b205cb64886686a360467ae645c7cf6aa99b

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:28 GMT
content-encoding
gzip
content-md5
cIEj39mjpvtGzkv+5yGy3Q==
age
2138062
x-cache
HIT
content-length
48848
x-ms-lease-status
unlocked
last-modified
Wed, 15 Nov 2023 23:32:09 GMT
server
ECAcc (ama/48B2)
etag
0x8DBE633167FEC89
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b6cef219-901e-00de-5ac5-19cc5d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Primary Request saml2
login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/ 		38 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1026:3000:d0::9 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e7b803b13d10312769a72cbcf33064891e594b11ce0db548772aefe232cb69bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
14612
Content-Type
text/html; charset=utf-8
Date
Tue, 12 Dec 2023 20:10:28 GMT
Expires
-1
Link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
on
X-Frame-Options
DENY
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.16919.4 - WUS3 ProdSlices
x-ms-request-id
31081e75-aa8a-4c92-9511-10d923163300
converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		109 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48DD) /
Resource Hash
5e47dd51ca94efccd58f4a7dc95a51744493292586fbe031e78f72508f0f4f89

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
cclsNwaya3AD0ci2cGBnrw==
age
2147445
x-cache
HIT
content-length
20226
x-ms-lease-status
unlocked
last-modified
Fri, 17 Nov 2023 00:22:21 GMT
server
ECAcc (ama/48DD)
etag
0x8DBE70343D336EF
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
db5a0e74-601e-00a1-4caf-19b742000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		421 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48AA) /
Resource Hash
8af9b303e5e3a3623a9520e74be0ed612595812f0e5ffa704aa7ae3a9a0f269d

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
fP0s+FFOVUxsHiQ8GxcvnQ==
age
2143152
x-cache
HIT
content-length
118205
x-ms-lease-status
unlocked
last-modified
Wed, 15 Nov 2023 23:32:14 GMT
server
ECAcc (ama/48AA)
etag
0x8DBE63319028C82
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
882778e1-a01e-0015-14b9-196d0e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-de.min_kttbcevibl3axf-emyvupa2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		58 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_kttbcevibl3axf-emyvupa2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48CF) /
Resource Hash
ab57a810667ec1440a8969be19347e62aedecd99b07a7c74e1ef14be04bc9e4a

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
i1bWH79CoaSd0fRSchAlmg==
age
2610234
x-cache
HIT
content-length
16708
x-ms-lease-status
unlocked
last-modified
Fri, 10 Nov 2023 01:29:02 GMT
server
ECAcc (ama/48CF)
etag
0x8DBE18C6C228E70
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
82c2d6f0-201e-00b5-3b79-15ab68000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
login.live.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.126.32.68 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers
oneDs_f2e0f4a029670f10d892.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		186 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48FD) /
Resource Hash
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
wegr9xrdYirQ87+FcvY0/A==
age
9060170
x-cache
HIT
content-length
61052
x-ms-lease-status
unlocked
last-modified
Thu, 25 May 2023 17:22:37 GMT
server
ECAcc (ama/48FD)
etag
0x8DB5D44A2CEB430
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7041a3d2-001e-0023-6dd0-dab613000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pcustomizationloader_e510439e6f2355f97577.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		153 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_e510439e6f2355f97577.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B2) /
Resource Hash
fb77bb1d43b2d95229ad7bc71b3b259a0b83bf64351212b448a27c172fe61ffa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
278jD8ZrCAMM3faz9ltcjA==
age
2790084
x-cache
HIT
content-length
34609
x-ms-lease-status
unlocked
last-modified
Fri, 03 Nov 2023 21:43:47 GMT
server
ECAcc (ama/48B2)
etag
0x8DBDCB5F5E6BECD
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
793cc751-001e-00a7-7cd7-134d4e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pfetchsessionsprogress_e760b14516f49272cbcc.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_e760b14516f49272cbcc.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/488D) /
Resource Hash
64e2ef8e423378c38ef7525e7ad8c44b4a6ecb70e027ac3ae86e0d64ef1c426f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
/2UwsaCWgselIgcN7++UDA==
age
2715007
x-cache
HIT
content-length
5518
x-ms-lease-status
unlocked
last-modified
Fri, 03 Nov 2023 21:43:47 GMT
server
ECAcc (ama/488D)
etag
0x8DBDCB5F5FC784B
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
def637aa-501e-00ee-1285-14ed4c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
aadcdn.msftauth.net/shared/1.0/content/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/4884) /
Resource Hash
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-md5
Fm3lNHEmUlOrOkVt7+baIw==
age
16947907
x-cache
HIT
content-length
2672
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
server
ECAcc (ama/4884)
etag
0x8DB5C3F4982FD30
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
0a6d675f-d01e-0000-1b13-93de85000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
aadcdn.msftauth.net/shared/1.0/content/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/4893) /
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-md5
tUCo5RgDcZLjLE/li/Lbqw==
age
16947907
x-cache
HIT
content-length
3620
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
server
ECAcc (ama/4893)
etag
0x8DB5C3F492F3EE5
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
635a4c7d-601e-0091-2c13-9367e5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
illustration
aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/ 		252 KB
253 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/illustration?ts=636966718686804972
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bd31b5ad4e0e741f2066270580ff1324e97e726e5a3f42b2c11c06978600db4e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
last-modified
Thu, 20 Jun 2019 23:57:49 GMT
etag
0x8D6F5DB199C57DE
x-azure-ref
20231212T201029Z-acv6rpe8et6s11uaatmz8r2s6g00000003ag000000007bgt
x-cache
TCP_HIT
content-type
image/*
access-control-allow-origin
*
x-ms-request-id
f2a47f71-a01e-0013-6b89-2b235f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
content-length
258399
bannerlogo
aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/bannerlogo?ts=636966718706694231
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9155cfd404c1c5fa95ec2d1d7e1c07b2f0ea87fb8a2c41cf737bd13088c018e8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
last-modified
Thu, 20 Jun 2019 23:57:51 GMT
etag
0x8D6F5DB1AC09A8D
x-azure-ref
20231212T201029Z-acv6rpe8et6s11uaatmz8r2s6g00000003ag000000007bgu
x-cache
TCP_HIT
content-type
image/*
access-control-allow-origin
*
x-ms-request-id
6de8ecbd-501e-0038-6e6e-2ba393000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
content-length
1913
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
aadcdn.msftauth.net/shared/1.0/content/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/4884) /
Resource Hash
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-md5
Fm3lNHEmUlOrOkVt7+baIw==
age
16947907
x-cache
HIT
content-length
2672
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
server
ECAcc (ama/4884)
etag
0x8DB5C3F4982FD30
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
0a6d675f-d01e-0000-1b13-93de85000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
aadcdn.msftauth.net/shared/1.0/content/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/4893) /
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-md5
tUCo5RgDcZLjLE/li/Lbqw==
age
16947907
x-cache
HIT
content-length
3620
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
server
ECAcc (ama/4893)
etag
0x8DB5C3F492F3EE5
content-type
image/gif
access-control-allow-origin
*
x-ms-request-id
635a4c7d-601e-0091-2c13-9367e5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ssoprobe
autologon.microsoftazuread-sso.com/03ceccf2-fe27-4c66-abdb-699141848e61/winauth/ 		12 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://autologon.microsoftazuread-sso.com/03ceccf2-fe27-4c66-abdb-699141848e61/winauth/ssoprobe?client-request-id=d8187d4e-828c-4ee0-b090-6e45bdd9c8ec&_=1702411829257
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1026:3000:148::7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 20:10:28 GMT
X-Content-Type-Options
nosniff
WWW-Authenticate
Negotiate
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Length
12
X-XSS-Protection
0
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Vary
Origin
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
image/png; charset=utf-8
Access-Control-Allow-Origin
https://login.microsoftonline.com
x-ms-request-id
f82f8532-acec-4c81-b92e-e99c7a277300
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.16878.5 - NCUS ProdSlices
Expires
-1
dssostatus
login.microsoftonline.com/common/instrumentation/ 		265 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/common/instrumentation/dssostatus
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1026:3000:d0::9 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
013ecf5b52b3fabf21e72391c62297fdf4e06226f844f9cad10369c87b498e2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

hpgrequestid
31081e75-aa8a-4c92-9511-10d923163300
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
client-request-id
d8187d4e-828c-4ee0-b090-6e45bdd9c8ec
canary
PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-IoyBvsuw7mFKfC8rdFo2eJfeys9W-IJGHwgg00jYNb1W6qLp-6tFbaU8IiIUvJzOv5JCwmRkFfen-Fcvt_K3P7MfVeIBKij5vklOUuFJ7yHgdpmeJhRl-SnMNgDUpN4jYQDs63aZNu0duqN0BYsN2cTbKgp1hqo4pdZFWC5nlUU8Xoc6KiQGu3nzAYmcXnFvWBJ6-vKKtM34jKeRu5Dq3iAA
Content-type
application/json; charset=UTF-8
hpgid
1104
Accept
application/json
Referer
https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2?sso_reload=true
hpgact
1900

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Tue, 12 Dec 2023 20:10:28 GMT
X-Content-Type-Options
nosniff
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
client-request-id
d8187d4e-828c-4ee0-b090-6e45bdd9c8ec
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Length
265
X-XSS-Protection
0
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Access-Control-Allow-Methods
POST, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://autologon.microsoftazuread-sso.com/
x-ms-request-id
bd500a67-9b15-4c32-b759-976eb25d2100
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.16878.5 - NCUS ProdSlices
Expires
-1
convergedlogin_pstringcustomizationhelper_50b92a7b991422dd39ff.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		111 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_50b92a7b991422dd39ff.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_2TS5K5gxo-zWGrXS7stGhw2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/4882) /
Resource Hash
969486e23eab84d16be606d82c2b166aba2ad28b8582583a068987f0b9c39d7f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
R+2cBZ2hn5qlUOCtLPDiNA==
age
2790084
x-cache
HIT
content-length
35914
x-ms-lease-status
unlocked
last-modified
Fri, 03 Nov 2023 21:43:48 GMT
server
ECAcc (ama/4882)
etag
0x8DBDCB5F6A4CC11
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
23f7ec81-701e-00c0-08d7-13de62000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 		2 KB
785 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48ED) /
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.microsoftonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 12 Dec 2023 20:10:29 GMT
content-encoding
gzip
content-md5
R2FAVxfpONfnQAuxVxXbHg==
age
16947641
x-cache
HIT
content-length
621
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:52 GMT
server
ECAcc (ama/48ED)
etag
0x8DB5C3F4BB4F03C
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
1fb84801-d01e-0021-0513-935ed9000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		153 B
766 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.182.143.208 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
0a7556f975e5e0a200f90f66e6c63cf178bd102e34b857f2d28ddd0fc7ebcf33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1702411831436
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://login.microsoftonline.com/
apikey
69adc3c768bd4dc08c19416121249fcc-66f1668a-797b-4249-95e3-6c6651768c28-7293
Client-Id
NO_AUTH

Response headers

strict-transport-security
max-age=31536000
date
Tue, 12 Dec 2023 20:10:32 GMT
server
Microsoft-HTTPAPI/2.0
time-delta-millis
1848
access-control-allow-methods
POST
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-type
application/json
access-control-allow-origin
https://login.microsoftonline.com
access-control-expose-headers
time-delta-millis
access-control-allow-credentials
true
access-control-allow-headers
P3P,Set-Cookie,time-delta-millis
content-length
153
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.182.143.208 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://login.microsoftonline.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://login.microsoftonline.com
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Tue, 12 Dec 2023 20:10:31 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ boolean| __convergedlogin_pcustomizationloader_e510439e6f2355f97577 boolean| __convergedlogin_pfetchsessionsprogress_e760b14516f49272cbcc boolean| __convergedlogin_pstringcustomizationhelper_50b92a7b991422dd39ff

23 Cookies

Domain/Path Name / Value
cloud.workhuman.com/microsites Name: client
Value: sabre
.workhuman.com/ Name: optimizelyEndUserId
Value: oeu1702411827272r0.5510657782376749
cloud.workhuman.com/ Name: AWSALB
Value: zU8W/JjsQ+0xx+vpT8CVtp3rt5Rk6BNGXACZel0IXp5J2w0MH6VGpDmeSUyx4GqbGECrK8B2yefMVtKwSA1BitSX8wGdDIwOXjyp3KCt9Djq5meckqG+mPegfsV+
cloud.workhuman.com/ Name: AWSALBCORS
Value: zU8W/JjsQ+0xx+vpT8CVtp3rt5Rk6BNGXACZel0IXp5J2w0MH6VGpDmeSUyx4GqbGECrK8B2yefMVtKwSA1BitSX8wGdDIwOXjyp3KCt9Djq5meckqG+mPegfsV+
cloud.workhuman.com/ Name: cf_client
Value: sabre
cloud.workhuman.com/ Name: JSESSIONID
Value: F6EACEE115459554AB8948D38C69939F
idp.workhuman.com/ Name: PF
Value: 8eS12q418S9TLc80vzPQSm
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com/ Name: SSOCOOKIEPULLED
Value: 1
login.microsoftonline.com/ Name: buid
Value: 0.ARcA8szOAyf-Zkyr22mRQYSOYYQf-wxNOYpGpnVXv5v0fdUXAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-8mewz8Rm23Zw2iX5rumlTtdIAcqXBwoRFeAuBs3qVaXkYLDpFnoF26M1k0AgMftDRNGr6rpa8LlgDqEpUNjt9bZ7omAsGtVwQXMRsGMziukgAA
.login.microsoftonline.com/ Name: esctx
Value: PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-03Nd3K6q9I-KDRzDqFKWJe5-x8B0AQhRXgicmOKNXlPas05JgoISQ4HDCewlVfBItfWbe8r-lK6Wi9YsgSPgydHfDsmlHwq53k8hlBMCakNxZ08QJ2WoNo-x96Iz73Q_1v2EFa_x0xd__4cn1PL7_sCPwp8nEjdORilGfoSp0RAgAA
.login.microsoftonline.com/ Name: esctx-u3WYI8NAc5Q
Value: AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-yFs5jgQtNbeSgvcv67_DW3jM8gJAMzyR8tLg5mRIDvaxivHWUrG1oa7dw5VCVMNDct-aq29GFIjYhQjhJX-Ccj5ohICODKMFT5yIB_TNfy8ZRzoEAwFjMQOkW41-M3nXqi_rZgFyRSkD3IzPH2938SAA
login.microsoftonline.com/ Name: fpc
Value: AnIT55Ed2WtKijGVfHJ6186JwXmQAQAAADS1Ct0OAAAA
login.microsoftonline.com/ Name: MicrosoftApplicationsTelemetryDeviceId
Value: 2c035354-ee4b-42e0-bb7b-92985572470c
.login.microsoftonline.com/ Name: brcap
Value: 0
.login.live.com/ Name: uaid
Value: b0006fe592e741c493698e7baf152e0a
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1702411829&co=1
autologon.microsoftazuread-sso.com/ Name: fpc
Value: Ajk5yq_BjRdIpGhz5LgkVyI
autologon.microsoftazuread-sso.com/ Name: x-ms-gateway-slice
Value: estsfd
autologon.microsoftazuread-sso.com/ Name: stsservicecookie
Value: estsfd
login.microsoftonline.com/ Name: ai_session
Value: r0DANgmCs8kxHoeFX2Jeos|1702411829433|1702411829433

2 Console Messages

Source Level URL
Text
network error URL: https://cloud.workhuman.com/microsites/login/userSessionAuthToken
Message:
Failed to load resource: the server responded with a status of 500 ()
network error URL: https://autologon.microsoftazuread-sso.com/03ceccf2-fe27-4c66-abdb-699141848e61/winauth/ssoprobe?client-request-id=d8187d4e-828c-4ee0-b090-6e45bdd9c8ec&_=1702411829257
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a15928870500.cdn.optimizely.com
aadcdn.msftauth.net
aadcdn.msftauthimages.net
autologon.microsoftazuread-sso.com
browser.events.data.microsoft.com
cdn.optimizely.com
click1.workhuman.com
cloud.workhuman.com
fonts.googleapis.com
idp.workhuman.com
login.live.com
login.microsoftonline.com
104.64.165.248
18.64.103.83
2603:1026:3000:148::7
2603:1026:3000:d0::9
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
2620:1ec:46::45
2a00:1450:4001:82f::200a
2a02:26f0:7100:2ab::13b8
40.126.32.68
52.182.143.208
52.222.130.34
65.9.25.12
013ecf5b52b3fabf21e72391c62297fdf4e06226f844f9cad10369c87b498e2e
0a7556f975e5e0a200f90f66e6c63cf178bd102e34b857f2d28ddd0fc7ebcf33
0ea7628423c80e4e8d0791f57aa8b205cb64886686a360467ae645c7cf6aa99b
1253297f76cd82eafe89b7980077ea31514ce6c8539bb0a5408618f90f15f31b
19623494bd70f540e306c33670e578c0e55d8d0310df969cd81492e6fb4bf7a7
206056a71d0ef1a931b43df38de242dace4bcdc920b9e49d0820da873de7cfbc
3cf0761c1e9648f0e4eb5f0bd631a50760c68b44051ac842f15d471a5b7a483e
4790fd66784c7e6e05c24b31b750ee3b805297fc1ed829690fa22f01f5e62942
5e47dd51ca94efccd58f4a7dc95a51744493292586fbe031e78f72508f0f4f89
64e2ef8e423378c38ef7525e7ad8c44b4a6ecb70e027ac3ae86e0d64ef1c426f
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
8af9b303e5e3a3623a9520e74be0ed612595812f0e5ffa704aa7ae3a9a0f269d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
9155cfd404c1c5fa95ec2d1d7e1c07b2f0ea87fb8a2c41cf737bd13088c018e8
969486e23eab84d16be606d82c2b166aba2ad28b8582583a068987f0b9c39d7f
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
ab57a810667ec1440a8969be19347e62aedecd99b07a7c74e1ef14be04bc9e4a
ac8bc924f3f8e41e2babc5338c71f942d91d34022a2fa9f52be2d005d9e71a79
bd31b5ad4e0e741f2066270580ff1324e97e726e5a3f42b2c11c06978600db4e
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d75e8c8bb95f23027038b0e6a521a43012dd98abe3c5dede8b7597bee8c34433
e0867548fc9f9fb45da16850884005c130452bdf8097bc6dfe6617893fd32f5c
e7b803b13d10312769a72cbcf33064891e594b11ce0db548772aefe232cb69bd
fb77bb1d43b2d95229ad7bc71b3b259a0b83bf64351212b448a27c172fe61ffa