login.microsoftonline.com
Open in
urlscan Pro
2603:1036:3000:e8::4
Public Scan
Effective URL: https://login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/saml2?SAMLRequest=fVLLbtswEPwVgXeJFEXJLmE5cGMUNZA2RqT00EtBU...
Submission: On December 17 via api from US — Scanned from US
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on November 10th 2023. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 18.220.149.166 18.220.149.166 | 16509 (AMAZON-02) (AMAZON-02) | |
3 3 | 3.20.255.232 3.20.255.232 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2603:1036:300... 2603:1036:3000:e8::4 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2606:2800:21f... 2606:2800:21f:1b88:6342:f8de:86c:e98b | 15133 (EDGECAST) (EDGECAST) | |
6 | 2620:1ec:bdf::40 2620:1ec:bdf::40 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 20.190.151.68 20.190.151.68 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 2606:2800:21f... 2606:2800:21f:3ab5:de35:a4f4:79e0:ff17 | 15133 (EDGECAST) (EDGECAST) | |
13 | 6 |
ASN16509 (AMAZON-02, US)
PTR: web.illinois.edu
mail.sympadocs.web.illinois.edu |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-20-255-232.us-east-2.compute.amazonaws.com
shibboleth.illinois.edu |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com |
ASN15133 (EDGECAST, US)
aadcdn.msauthimages.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 961 |
222 KB |
4 |
illinois.edu
3 redirects
mail.sympadocs.web.illinois.edu shibboleth.illinois.edu — Cisco Umbrella Rank: 577684 |
8 KB |
2 |
msauthimages.net
aadcdn.msauthimages.net — Cisco Umbrella Rank: 3746 |
162 KB |
2 |
microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 16 |
27 KB |
1 |
live.com
login.live.com — Cisco Umbrella Rank: 80 |
|
1 |
msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 974 |
48 KB |
13 | 6 |
Domain | Requested by | |
---|---|---|
6 | aadcdn.msauth.net |
login.microsoftonline.com
aadcdn.msauth.net |
3 | shibboleth.illinois.edu | 3 redirects |
2 | aadcdn.msauthimages.net | |
2 | login.microsoftonline.com |
aadcdn.msftauth.net
|
1 | login.live.com |
login.microsoftonline.com
|
1 | aadcdn.msftauth.net |
login.microsoftonline.com
|
1 | mail.sympadocs.web.illinois.edu | |
13 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
identity.uillinois.edu |
techservices.illinois.edu |
fae20.cita.illinois.edu |
www.vpaa.uillinois.edu |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sympadocs.web.illinois.edu cPanel, Inc. Certification Authority |
2023-11-14 - 2024-02-12 |
3 months | crt.sh |
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA |
2023-11-10 - 2024-11-10 |
a year | crt.sh |
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2023-12-01 - 2024-12-01 |
a year | crt.sh |
aadcdn.msauth.net DigiCert SHA2 Secure Server CA |
2023-10-29 - 2024-10-29 |
a year | crt.sh |
login.live.com DigiCert SHA2 Secure Server CA |
2023-11-09 - 2024-11-09 |
a year | crt.sh |
aadcdn.msauthimages.net Microsoft Azure TLS Issuing CA 02 |
2023-03-08 - 2024-03-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/saml2?SAMLRequest=fVLLbtswEPwVgXeJFEXJLmE5cGMUNZA2RqT00EtBUauYAEW6fKTt35d%2BFeklV3J2ZmdmV3e%2FZ529gvPKmhaVBUEZGGlHZV5a9Nx%2Fypfobr3yYtb0yDcxHMwT%2FIzgQ5YGjeeXnxZFZ7gVXnluxAyeB8m7zZcHTgvCj84GK61G2cZ7cCFJ3Vvj4wyuA%2FeqJDw%2FPbToEMLRc4z9QQ2D1RAOhdJaGat8AWPEajziRDUpDfi8CT4pULx%2F7HrcdY8o26a9lBHh7OVGp%2B2LMsWspLPeTsGaRAmFtDNmjDULaKacNVTmDATNl7Sa8sWSkBFqVjGo8NkgynbbFv2g6XGoBflABlayoanlKBpSD2RqyABQJpj3EXbGB2FCiyihVV7SvFz0JeVVzWldNDX7jrL9NZKPylyifi%2B%2F4QLy%2FHPf7%2FOTXZR9u1WWAOhaED%2Bru7fNvE8sbnWg9Qk2Cwlcpfbn2RoeVZSn3Ff4Lfm%2FW%2Fia2HbbvdVK%2Fsk2Wttf9w5EgBYFFwHh9XXu%2F6tZ%2FwU%3D&RelayState=e1s1&sso_reload=true
Frame ID: 8DA03461AF8B3283F92A87D6F8D1E3AD
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
- https://mail.sympadocs.web.illinois.edu/ Page URL
-
https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO
HTTP 302
https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 HTTP 302
https://shibboleth.illinois.edu/idp/profile/Authn/SAML2/POST/SSO/start?conversation=e1s1 HTTP 302
https://login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/saml2?SAMLRequest=fVLLbtswEPwVgXeJFEXJL... Page URL
- https://login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/saml2?SAMLRequest=fVLLbtswEPwVgXeJFEXJL... Page URL
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Can’t access your account?
Search URL Search Domain Scan URL
Title: Contact Technology Services Help Desk
Search URL Search Domain Scan URL
Title: FAE Accessibility Score
Search URL Search Domain Scan URL
Title: University of Illinois Web Privacy Notice
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://mail.sympadocs.web.illinois.edu/ Page URL
-
https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO
HTTP 302
https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 HTTP 302
https://shibboleth.illinois.edu/idp/profile/Authn/SAML2/POST/SSO/start?conversation=e1s1 HTTP 302
https://login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/saml2?SAMLRequest=fVLLbtswEPwVgXeJFEXJLmE5cGMUNZA2RqT00EtBUauYAEW6fKTt35d%2BFeklV3J2ZmdmV3e%2FZ529gvPKmhaVBUEZGGlHZV5a9Nx%2Fypfobr3yYtb0yDcxHMwT%2FIzgQ5YGjeeXnxZFZ7gVXnluxAyeB8m7zZcHTgvCj84GK61G2cZ7cCFJ3Vvj4wyuA%2FeqJDw%2FPbToEMLRc4z9QQ2D1RAOhdJaGat8AWPEajziRDUpDfi8CT4pULx%2F7HrcdY8o26a9lBHh7OVGp%2B2LMsWspLPeTsGaRAmFtDNmjDULaKacNVTmDATNl7Sa8sWSkBFqVjGo8NkgynbbFv2g6XGoBflABlayoanlKBpSD2RqyABQJpj3EXbGB2FCiyihVV7SvFz0JeVVzWldNDX7jrL9NZKPylyifi%2B%2F4QLy%2FHPf7%2FOTXZR9u1WWAOhaED%2Bru7fNvE8sbnWg9Qk2Cwlcpfbn2RoeVZSn3Ff4Lfm%2FW%2Fia2HbbvdVK%2Fsk2Wttf9w5EgBYFFwHh9XXu%2F6tZ%2FwU%3D&RelayState=e1s1 Page URL
- https://login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/saml2?SAMLRequest=fVLLbtswEPwVgXeJFEXJLmE5cGMUNZA2RqT00EtBUauYAEW6fKTt35d%2BFeklV3J2ZmdmV3e%2FZ529gvPKmhaVBUEZGGlHZV5a9Nx%2Fypfobr3yYtb0yDcxHMwT%2FIzgQ5YGjeeXnxZFZ7gVXnluxAyeB8m7zZcHTgvCj84GK61G2cZ7cCFJ3Vvj4wyuA%2FeqJDw%2FPbToEMLRc4z9QQ2D1RAOhdJaGat8AWPEajziRDUpDfi8CT4pULx%2F7HrcdY8o26a9lBHh7OVGp%2B2LMsWspLPeTsGaRAmFtDNmjDULaKacNVTmDATNl7Sa8sWSkBFqVjGo8NkgynbbFv2g6XGoBflABlayoanlKBpSD2RqyABQJpj3EXbGB2FCiyihVV7SvFz0JeVVzWldNDX7jrL9NZKPylyifi%2B%2F4QLy%2FHPf7%2FOTXZR9u1WWAOhaED%2Bru7fNvE8sbnWg9Qk2Cwlcpfbn2RoeVZSn3Ff4Lfm%2FW%2Fia2HbbvdVK%2Fsk2Wttf9w5EgBYFFwHh9XXu%2F6tZ%2FwU%3D&RelayState=e1s1&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO HTTP 302
- https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 HTTP 302
- https://shibboleth.illinois.edu/idp/profile/Authn/SAML2/POST/SSO/start?conversation=e1s1 HTTP 302
- https://login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/saml2?SAMLRequest=fVLLbtswEPwVgXeJFEXJLmE5cGMUNZA2RqT00EtBUauYAEW6fKTt35d%2BFeklV3J2ZmdmV3e%2FZ529gvPKmhaVBUEZGGlHZV5a9Nx%2Fypfobr3yYtb0yDcxHMwT%2FIzgQ5YGjeeXnxZFZ7gVXnluxAyeB8m7zZcHTgvCj84GK61G2cZ7cCFJ3Vvj4wyuA%2FeqJDw%2FPbToEMLRc4z9QQ2D1RAOhdJaGat8AWPEajziRDUpDfi8CT4pULx%2F7HrcdY8o26a9lBHh7OVGp%2B2LMsWspLPeTsGaRAmFtDNmjDULaKacNVTmDATNl7Sa8sWSkBFqVjGo8NkgynbbFv2g6XGoBflABlayoanlKBpSD2RqyABQJpj3EXbGB2FCiyihVV7SvFz0JeVVzWldNDX7jrL9NZKPylyifi%2B%2F4QLy%2FHPf7%2FOTXZR9u1WWAOhaED%2Bru7fNvE8sbnWg9Qk2Cwlcpfbn2RoeVZSn3Ff4Lfm%2FW%2Fia2HbbvdVK%2Fsk2Wttf9w5EgBYFFwHh9XXu%2F6tZ%2FwU%3D&RelayState=e1s1
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
mail.sympadocs.web.illinois.edu/ |
6 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saml2
login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/ Redirect Chain
|
20 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BssoInterrupt_Core_vh-Mo3E5zaJqWI-ycPlvOw2.js
aadcdn.msftauth.net/shared/1.0/content/js/ |
136 KB 48 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
saml2
login.microsoftonline.com/44467e6f-462c-4ea2-823f-7800de5434e3/ |
39 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_chy_qb6g1qbjbxlng2ytiq2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
109 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_rBkXYjh21YAKS8SjeOJwmw2.js
aadcdn.msauth.net/shared/1.0/content/js/ |
419 KB 116 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en.min_uwo3eukwj1jimmqictgmkq2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
52 KB 15 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pcustomizationloader_560f3c6ac4b56ef7114c.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
153 KB 34 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
illustration
aadcdn.msauthimages.net/dbd5a2dd-yhr-66ljrk-knru8zyfokmbccodsqpauz2-p94gov28/logintenantbranding/0/ |
154 KB 154 KB |
Image
image/* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bannerlogo
aadcdn.msauthimages.net/dbd5a2dd-yhr-66ljrk-knru8zyfokmbccodsqpauz2-p94gov28/logintenantbranding/0/ |
8 KB 8 KB |
Image
image/* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pstringcustomizationhelper_9772c805c34de2cabc91.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
111 KB 36 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ boolean| __convergedlogin_pcustomizationloader_560f3c6ac4b56ef7114c boolean| __convergedlogin_pstringcustomizationhelper_9772c805c34de2cabc9115 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
shibboleth.illinois.edu/idp | Name: JSESSIONID Value: C1E1B16BF6524BA29AD64AFC45A7A6AC |
|
mail.sympadocs.web.illinois.edu/ | Name: _opensaml_req_ss%3Amem%3Ae684f93313812585dc024233d99315d77109a93ded8e0d7a7cb06e7e5be09845 Value: _ccdbcedd26a64121ed24bf3cdb1acbeb |
|
shibboleth.illinois.edu/ | Name: AWSALB Value: 0L3l+HwU42eQsq5geiJnzLk3xt0KxrwIC00goJVxMi4sy4m74nymrafg98MQqX6BXDts8TSTRQbgTeeoUZvwwpIIOvuRi5q0hyIhKZNWrwpftO1m9t604WZW8h4Y |
|
shibboleth.illinois.edu/ | Name: AWSALBCORS Value: 0L3l+HwU42eQsq5geiJnzLk3xt0KxrwIC00goJVxMi4sy4m74nymrafg98MQqX6BXDts8TSTRQbgTeeoUZvwwpIIOvuRi5q0hyIhKZNWrwpftO1m9t604WZW8h4Y |
|
login.microsoftonline.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
login.microsoftonline.com/ | Name: stsservicecookie Value: estsfd |
|
.login.microsoftonline.com/ | Name: AADSSO Value: NA|NoExtension |
|
login.microsoftonline.com/ | Name: SSOCOOKIEPULLED Value: 1 |
|
login.microsoftonline.com/ | Name: buid Value: 0.ARwAb35GRCxGok6CP3gA3lQ041hyt6-ESEVKmoOxB5nlO74cAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-B_6DK2Ri_cCjhsme9S1-h_6r7hFL-DGrmBu8xErdfuvVBqcDLz1m-kuaUrDDeujsbWL8DuIjAgC3cNz7qQehKiBnkl75G5BZ_wcYoe9qFfMgAA |
|
.login.microsoftonline.com/ | Name: esctx Value: PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-SW7eehgKpvnRQmGq3aU6L07wXJd3ya7YoTeT_dhTyp5elDKSrpfMN9kFApZajm19EapOGVmJj0G726OSeW-tsdpWe5-kyaEBlvW1qJWfQFGBKxn3o7MCd85zZTTnjP0pSJOkYiwFdOVNbUkTaK9e0np0KeA8z2564fJ7Kg-r8pwgAA |
|
.login.microsoftonline.com/ | Name: esctx-TAoNE9ySYn8 Value: AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-u1rpNFXisDke6Jc4f08Ib5ausAwEabnWrAC3y-5wPzteensBzmNawazAIDep1ii62FrXO9-JM5hg2X1AS69ff4MKw4czW6K7ap-KIaO67p5LJ8p0dwXmZc3Xdo4E4jReaUtF8Pn1gJtoAxK27DxECiAA |
|
login.microsoftonline.com/ | Name: fpc Value: AjFTwUSLGZhMsEd5TjDR5yyTeNI8AQAAAA3iEN0OAAAA |
|
.login.microsoftonline.com/ | Name: brcap Value: 0 |
|
.login.live.com/ | Name: uaid Value: fa998be26dab49bfbb58ae998d9ad8c4 |
|
.login.live.com/ | Name: MSPRequ Value: id=N<=1702816526&co=1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
aadcdn.msauthimages.net
aadcdn.msftauth.net
login.live.com
login.microsoftonline.com
mail.sympadocs.web.illinois.edu
shibboleth.illinois.edu
18.220.149.166
20.190.151.68
2603:1036:3000:e8::4
2606:2800:21f:1b88:6342:f8de:86c:e98b
2606:2800:21f:3ab5:de35:a4f4:79e0:ff17
2620:1ec:bdf::40
3.20.255.232
0ffc3dacb719f6d6780f6ea0f0f744112c7d11a8c36acec3b381a008043eb284
25721fe271b61d3603683f4351ee48095251bded114bad8af997988e610c4f4e
37119e9799d67c0beeaf93167c0006be310cb8afa32bd6666f427a799ffad845
3c02480c36abc7fbb4b8f7172cff2abec78d09a17642d0e8a219f8178d12f72a
3fd4de4b26a7acec23971755c0e54a144f523b8322c669293fced93b587de41f
45ebebdec2e08443505458e83ac6027c7cc905f858f5f308a4da92d1328c584c
5e47dd51ca94efccd58f4a7dc95a51744493292586fbe031e78f72508f0f4f89
62c7b35c728130c5a262f659268709c22995a19e96b39d66dd1a41489d1eb4f3
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
96fddf259ced2fb9ac3044ebed7617a4f746c98c91c8575589157d8b37232e37
b8c34c9c7774e743e7148e50df94bd5a35a869af3f60796f5b008912bf9337e2
fc5452d1ab8ed5f72e44043cd02b351c6855046ae2558e015f0dede9e8011d78