login.microsoftonline.com Open in urlscan Pro
20.190.159.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://transfert.sa-patrimoine.com/
Effective URL:
https://login.microsoftonline.com/6247e54a-5c49-4f4b-b888-1a359f68e4fa/saml2?SAMLRequest=jZHNasMwEIRfxeguW3bi%2FAjbENpLIIWStD30tnH...
Submission: On January 08 via api (January 8th 2025, 6:54:05 pm UTC) from US — Scanned from IL

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 14 domains to perform 45 HTTP transactions. The main IP is 20.190.159.4, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 10.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 31st 2024. Valid for: 6 months.

This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	54.230.228.108 54.230.228.108	16509 (AMAZON-02) (AMAZON-02)
1	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
1 1	18.195.227.81 18.195.227.81	16509 (AMAZON-02) (AMAZON-02)
1	18.173.154.38 18.173.154.38	16509 (AMAZON-02) (AMAZON-02)
1	54.230.228.36 54.230.228.36	16509 (AMAZON-02) (AMAZON-02)
2	18.66.192.60 18.66.192.60	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.168 142.250.185.168	15169 (GOOGLE) (GOOGLE)
2	108.138.36.84 108.138.36.84	16509 (AMAZON-02) (AMAZON-02)
5	13.107.246.45 13.107.246.45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
1	66.102.1.155 66.102.1.155	15169 (GOOGLE) (GOOGLE)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
2	20.190.159.4 20.190.159.4	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	152.199.21.175 152.199.21.175	() ()
45	15

18 54.230.228.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-108.muc50.r.cloudfront.net

transfert.sa-patrimoine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.227.81 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-227-81.eu-central-1.compute.amazonaws.com

discovery.fromsmash.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.154.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-38.muc50.r.cloudfront.net

discovery.eu-central-1.fromsmash.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.228.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-36.muc50.r.cloudfront.net

fromsmash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.192.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-60.muc50.r.cloudfront.net

iam.eu-central-1.fromsmash.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.36.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-84.muc50.r.cloudfront.net

domain.fromsmash.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.246.45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.102.1.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

www.google.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.190.159.4 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.21.175 (None, )

ASN- ()

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	sa-patrimoine.com transfert.sa-patrimoine.com	584 KB
6	fromsmash.co 1 redirects discovery.fromsmash.co — Cisco Umbrella Rank: 641477 discovery.eu-central-1.fromsmash.co iam.eu-central-1.fromsmash.co domain.fromsmash.co — Cisco Umbrella Rank: 530485	9 KB
3	msauth.net aadcdn.msauth.net Failed	50 KB
2	microsoftonline.com login.microsoftonline.com — Cisco Umbrella Rank: 10	18 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 135 td.doubleclick.net — Cisco Umbrella Rank: 182	562 B
2	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 625 p.clarity.ms Failed	29 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	239 KB
1	msftauth.net aadcdn.msftauth.net	20 KB
1	google.co.il www.google.co.il — Cisco Umbrella Rank: 35336	408 B
1	google.com analytics.google.com — Cisco Umbrella Rank: 142
1	fromsmash.com fromsmash.com — Cisco Umbrella Rank: 312027	42 KB
1	gstatic.com fonts.gstatic.com	18 KB
0	live.com Failed login.live.com Failed
0	bing.com Failed c.bing.com Failed
45	14

	Domain	Requested by
18	transfert.sa-patrimoine.com	transfert.sa-patrimoine.com
3	aadcdn.msauth.net	login.microsoftonline.com
2	login.microsoftonline.com	transfert.sa-patrimoine.com aadcdn.msauth.net
2	www.clarity.ms	transfert.sa-patrimoine.com www.clarity.ms
2	domain.fromsmash.co	transfert.sa-patrimoine.com
2	www.googletagmanager.com	transfert.sa-patrimoine.com www.googletagmanager.com
2	iam.eu-central-1.fromsmash.co	transfert.sa-patrimoine.com
1	aadcdn.msftauth.net	login.microsoftonline.com
1	www.google.co.il
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	transfert.sa-patrimoine.com
1	fromsmash.com
1	discovery.eu-central-1.fromsmash.co
1	discovery.fromsmash.co	1 redirects
1	fonts.gstatic.com	transfert.sa-patrimoine.com
0	login.live.com Failed	login.microsoftonline.com
0	p.clarity.ms Failed	transfert.sa-patrimoine.com
0	c.bing.com Failed
45	19

This site contains no links.

Subject Issuer	Validity	Valid
transfert.sa-patrimoine.com Amazon RSA 2048 M02	`2025-01-08` - `2026-02-06`	a year	crt.sh
*.gstatic.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
fromsmash.com Amazon RSA 2048 M03	`2024-08-25` - `2025-09-22`	a year	crt.sh
*.eu-central-1.fromsmash.co Amazon RSA 2048 M02	`2024-08-10` - `2025-09-08`	a year	crt.sh
*.google-analytics.com WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
*.eu-west-3.fromsmash.co Amazon RSA 2048 M03	`2024-08-10` - `2025-09-07`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.doubleclick.net WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
*.google.co.il WR2	`2024-12-09` - `2025-03-03`	3 months	crt.sh
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2024-08-31` - `2025-02-28`	6 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2024-10-29` - `2025-10-29`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://login.microsoftonline.com/6247e54a-5c49-4f4b-b888-1a359f68e4fa/saml2?SAMLRequest=jZHNasMwEIRfxeguW3bi%2FAjbENpLIIWStD30tnHWtcCSXO067eNXScipUHodZr%2FZna0I7DDqzcS92%2BPnhMTJtx0c1WIKTnsgQ9qBRdLc6sPmaaeLVGmLDCdgEDezvlL%2BHhmDZ9%2F6QSTbx1pAodQC1UnJY9Gt5HxRolx1a5DdUc3Wy3zRLstSJG8YyHhXi0iIg0QTbh0xOI6SKpTMC6mWL3mp80KrPF2p%2BfvF9wxE5oy16GAgFMmGCANH0oN3NFkMBwxn0%2BLrfleLnnkknWUGbIqT%2FIodyFnaBW%2FJAvVp67PLfRmZD%2BedaKrrHuE%2FPcE9VzT3FA7gqItqSiBH4GCsNw5jiq2yG7mpst9vaX4A
Frame ID: 878E16A84911512E9886A30D01769A50
Requests: 43 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-G0NDDGZ0SY&gacid=1261254650.1736362434&gtm=45je4cc1v880598030z8846552796za200zb846552796&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1234405950
Frame ID: 9BB89F7EABD1E78AA618ECEF42FBB9D2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

היכנס לחשבון שלך

Page URL History Show full URLs

https://transfert.sa-patrimoine.com/ Page URL
https://login.microsoftonline.com/6247e54a-5c49-4f4b-b888-1a359f68e4fa/saml2?SAMLRequest=jZHNasMwEIRfxeguW3bi%... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

45
Requests

84 %
HTTPS

0 %
IPv6

14
Domains

19
Subdomains

15
IPs

3
Countries

1010 kB
Transfer

3881 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://transfert.sa-patrimoine.com/ Page URL
https://login.microsoftonline.com/6247e54a-5c49-4f4b-b888-1a359f68e4fa/saml2?SAMLRequest=jZHNasMwEIRfxeguW3bi%2FAjbENpLIIWStD30tnHWtcCSXO067eNXScipUHodZr%2FZna0I7DDqzcS92%2BPnhMTJtx0c1WIKTnsgQ9qBRdLc6sPmaaeLVGmLDCdgEDezvlL%2BHhmDZ9%2F6QSTbx1pAodQC1UnJY9Gt5HxRolx1a5DdUc3Wy3zRLstSJG8YyHhXi0iIg0QTbh0xOI6SKpTMC6mWL3mp80KrPF2p%2BfvF9wxE5oy16GAgFMmGCANH0oN3NFkMBwxn0%2BLrfleLnnkknWUGbIqT%2FIodyFnaBW%2FJAvVp67PLfRmZD%2BedaKrrHuE%2FPcE9VzT3FA7gqItqSiBH4GCsNw5jiq2yG7mpst9vaX4A Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://discovery.fromsmash.co/namespace/public/services?version=02-2023 HTTP 307
https://discovery.eu-central-1.fromsmash.co/namespace/public/services?version=02-2023

Request Chain 33

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=807E998AD4854AEC8A61FB79C2B2CABF&RedC=c.clarity.ms&MXFR=19265B3FAED362C02DC14E51AAD36CEC

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
transfert.sa-patrimoine.com/ 188 KB
36 KB 700ms
401ms Document
text/html 54.230.228.108
AMAZON-02

General

Domain/Path	Expires	Name / Value
.sa-patrimoine.com/	1970-01-21 06:42:21	Name: _slang Value: %22en%22
.transfert.sa-patrimoine.com/	1970-01-21 06:42:21	Name: _slang Value: %22en%22
.transfert.sa-patrimoine.com/	1970-01-21 03:03:10	Name: _sid Value: %7B%22id%22%3A%221c73f83f-ae3e-41f7-9736-8cb42b87b18c-da%22%2C%22region%22%3A%22eu-central-1%22%2C%22created%22%3A%222025-01-08T18%3A53%3A53.225Z%22%2C%22modified%22%3A%222025-01-08T18%3A53%3A53.225Z%22%2C%22token%22%3A%7B%22token%22%3A%22eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFjNzNmODNmLWFlM2UtNDFmNy05NzM2LThjYjQyYjg3YjE4Yy1kYSIsInJlZ2lvbiI6ImV1LWNlbnRyYWwtMSIsImlwIjoiMzEuMTg3Ljc4LjIwMCIsImFjY291bnQiOiIxYzczZjgzZi1hZTNlLTQxZjctOTczNi04Y2I0MmI4N2IxOGMtZGEiLCJpYXQiOjE3MzYzNjI0MzMsImV4cCI6MTczNjk2NzIzM30.QtVQaDkIxHriaY2wi4zALLIemkuSEX3-RNBuseQqx94%22%2C%22issuedAt%22%3A%222025-01-08T18%3A53%3A53.000Z%22%2C%22expiration%22%3A%222025-01-15T18%3A53%3A53.000Z%22%2C%22type%22%3A%22Bearer%22%7D%2C%22refreshToken%22%3A%7B%22token%22%3A%22eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFjNzNmODNmLWFlM2UtNDFmNy05NzM2LThjYjQyYjg3YjE4Yy1kYSIsInJlZ2lvbiI6ImV1LWNlbnRyYWwtMSIsImlwIjoiMzEuMTg3Ljc4LjIwMCIsImFjY291bnQiOiIxYzczZjgzZi1hZTNlLTQxZjctOTczNi04Y2I0MmI4N2IxOGMtZGEiLCJpYXQiOjE3MzYzNjI0MzMsImV4cCI6MTc2NzkyMDAzM30.kM0btvoe0oxa6NdPHQBWtAKtFds_UPfi2azgus5jBXo%22%2C%22issuedAt%22%3A%222025-01-08T18%3A53%3A53.000Z%22%2C%22expiration%22%3A%222026-01-09T00%3A53%3A53.000Z%22%7D%7D
.sa-patrimoine.com/	1970-01-21 11:55:22	Name: _ga Value: GA1.1.1261254650.1736362434
.doubleclick.net/	1970-01-21 02:19:23	Name: test_cookie Value: CheckForPermission
www.clarity.ms/	1970-01-21 11:04:58	Name: CLID Value: 3fefd7356b6146fdbcf7280c223efa33.20250108.20260108
.sa-patrimoine.com/	1970-01-21 11:04:58	Name: _clck Value: 129ab5j%7C2%7Cfse%7C0%7C1834
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: T
.clarity.ms/	1970-01-21 11:40:58	Name: MUID Value: 19265B3FAED362C02DC14E51AAD36CEC
login.microsoftonline.com/	1970-01-21 03:02:34	Name: buid Value: 1.AVwASuVHYklcS0-4iBo1n2jk-hc4JIXMP9FBr0zAnB20bbjnAABcAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFerfwh52Ma3UV8XZz8fyN75SP2ycm1TKWIwSNt0Hm_MLp9c9ylnNwhk3TyQ8nSOfAKUAWOafHr_TLij7p0bMLlg-G1Ko0i4iwBBrEsIH4tle4gAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeUSFUmRIGCggzAk3Vnq7oMITW8IYXqVtYTn5NFt6EzvgCKAJmeEw8MKHMhm-QFHQKELIk4qbC1fa39uxpTl4NwnQnWsmBvPdOOnCzDRg2kmWEMp2DoY-h7rUzNOMQhd-4xwQHTooR_RIoo9XiIC_Afwk9sn83aB-wTDberz3Qp5cgAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: esctx-MCoM6NrWX7Q Value: AQABCQEAAADW6jl31mB3T7ugrWTT8pFeW2xf8ZH-DATelTxGoG91STmhA5xjmvyqmUwyYoB9i0g2ltU7-Tqo1vS1OhCSwh6snEzG7QFZrZPrV0fBmUiJze0R14MFAkych6Fofxbpa85BFfSCYUHs9EknZSydSkztArn4nw1RUE5qfpdEEypdYyAA
login.microsoftonline.com/	1970-01-21 03:02:34	Name: fpc Value: ArTTr2_SCr5Mo28K2IHl5a03-rmqAQAAAMLAEN8OAAAA
login.microsoftonline.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
login.microsoftonline.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.sa-patrimoine.com/	1970-01-21 11:55:22	Name: _ga_G0NDDGZ0SY Value: GS1.1.1736362433.1.0.1736362434.59.0.0

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

login.microsoftonline.com Open in urlscan Pro 20.190.159.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

45 Requests

84 %HTTPS

0 %IPv6

14 Domains

19 Subdomains

15 IPs

3 Countries

1010 kBTransfer

3881 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

login.microsoftonline.com Open in urlscan Pro
20.190.159.4 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

84 %
HTTPS

0 %
IPv6

14
Domains

19
Subdomains

15
IPs

3
Countries

1010 kB
Transfer

3881 kB
Size

16
Cookies

45 HTTP transactions
0 data transactions