urlscan.io logo urlscan.io
SecurityTrails logo

login.microsoftonline.com Open in urlscan Pro
2603:1037:1:130::3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://hpd-dev-security.hanz.health.nz/
Effective URL: https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/authorize?client_id=1c7d770a-555b-4d67-9122-a28...
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On November 05 via api from IT — Scanned from NZ
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2603:1037:1:130::3, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 9.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 29th 2024. Valid for: 6 months.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 103.241.86.84 134433 (REDSHIELD...)
2 2603:1037:1:1... 8075 (MICROSOFT...)
1 2603:1037:1:1... 8075 (MICROSOFT...)
1 2606:2800:247... 15133 (EDGECAST)
13 5
Apex Domain
Subdomains		 Transfer
6 hanz.health.nz
hpd-dev-security.hanz.health.nz
hpd-dev-security-api.hanz.health.nz
461 KB
3 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 9
21 KB
1 msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 866
20 KB
0 live.com Failed
login.live.com Failed
13 4
Domain Requested by
4 hpd-dev-security.hanz.health.nz hpd-dev-security.hanz.health.nz
3 login.microsoftonline.com hpd-dev-security.hanz.health.nz
2 hpd-dev-security-api.hanz.health.nz hpd-dev-security.hanz.health.nz
1 aadcdn.msftauth.net login.microsoftonline.com
0 login.live.com Failed login.microsoftonline.com
13 5

This site contains no links.

Subject Issuer Validity Valid
hpd-dev.hanz.health.nz
Entrust Certification Authority - L1K		 2023-11-07 -
2024-11-12		 a year crt.sh
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA		 2024-08-29 -
2025-02-28		 6 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2024-05-25 -
2025-05-25		 a year crt.sh

This page contains 1 frames:

Primary Page: https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/authorize?client_id=1c7d770a-555b-4d67-9122-a2834a2cac5e&scope=profile%20openid%20offline_access&redirect_uri=https%3A%2F%2Fhpd-dev-security.hanz.health.nz%2Fauth-redirect&client-request-id=569e3e99-b66a-41be-90f5-ab5bf83e7622&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.30.0&client_info=1&code_challenge=_I4B9FmyYdGMru7-73FJM7TimCS4ABENWoCLVw-qjQo&code_challenge_method=S256&nonce=1bafd03a-4da9-4ed5-99f6-0f6c3756a86e&state=eyJpZCI6IjJhNzFhY2UxLTYwYWMtNDdhZi1iNjgyLTkzZjA3YWJhOTk3NiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Frame ID: 2CC30B634A2ED7FCCE55D2B1265B2222
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

  1. http://hpd-dev-security.hanz.health.nz/ HTTP 307
    https://hpd-dev-security.hanz.health.nz/ Page URL
  2. https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/authorize?client_id=1c7d770... Page URL

Page Statistics

13
Requests

77 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

502 kB
Transfer

1787 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hpd-dev-security.hanz.health.nz/ HTTP 307
    https://hpd-dev-security.hanz.health.nz/ Page URL
  2. https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/authorize?client_id=1c7d770a-555b-4d67-9122-a2834a2cac5e&scope=profile%20openid%20offline_access&redirect_uri=https%3A%2F%2Fhpd-dev-security.hanz.health.nz%2Fauth-redirect&client-request-id=569e3e99-b66a-41be-90f5-ab5bf83e7622&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.30.0&client_info=1&code_challenge=_I4B9FmyYdGMru7-73FJM7TimCS4ABENWoCLVw-qjQo&code_challenge_method=S256&nonce=1bafd03a-4da9-4ed5-99f6-0f6c3756a86e&state=eyJpZCI6IjJhNzFhY2UxLTYwYWMtNDdhZi1iNjgyLTkzZjA3YWJhOTk3NiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://hpd-dev-security.hanz.health.nz/ HTTP 307
  • https://hpd-dev-security.hanz.health.nz/

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
hpd-dev-security.hanz.health.nz/
Redirect Chain
  • http://hpd-dev-security.hanz.health.nz/
  • https://hpd-dev-security.hanz.health.nz/
921 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hpd-dev-security.hanz.health.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.241.86.84 Auckland, New Zealand, ASN134433 (REDSHIELD-AS-AP REDSHIELD SECURITY LIMITED, NZ),
Reverse DNS
Software
/
Resource Hash
cec9b6ec85e0333d006eb1d072ad3cc0313ad4153a6936b43460057ad1ae6359
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Vary
Accept-Encoding
accept-ranges
bytes
content-length
921
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
content-type
text/html
date
Tue, 05 Nov 2024 23:22:16 GMT
etag
"671f9149-399"
last-modified
Mon, 28 Oct 2024 13:27:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

Location
https://hpd-dev-security.hanz.health.nz/
Non-Authoritative-Reason
HttpsUpgrades
main.94863d03.js
hpd-dev-security.hanz.health.nz/static/js/ 		1 MB
409 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hpd-dev-security.hanz.health.nz/static/js/main.94863d03.js
Requested by
Host: hpd-dev-security.hanz.health.nz
URL: https://hpd-dev-security.hanz.health.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.241.86.84 Auckland, New Zealand, ASN134433 (REDSHIELD-AS-AP REDSHIELD SECURITY LIMITED, NZ),
Reverse DNS
Software
/
Resource Hash
5f451e9c568548588caa9d95a67d93c6d55de18a086e9b290e9289705312550f
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hpd-dev-security.hanz.health.nz/

Response headers

Transfer-Encoding
chunked
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
cache-control
max-age=2592000,public, no-transform
content-encoding
gzip
etag
W/"657316e2-1594a5"
x-content-type-options
nosniff
expires
Thu, 05 Dec 2024 23:22:16 GMT
date
Tue, 05 Nov 2024 23:22:16 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Fri, 08 Dec 2023 13:15:14 GMT
x-frame-options
DENY
main.b19a95ef.css
hpd-dev-security.hanz.health.nz/static/css/ 		233 KB
45 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hpd-dev-security.hanz.health.nz/static/css/main.b19a95ef.css
Requested by
Host: hpd-dev-security.hanz.health.nz
URL: https://hpd-dev-security.hanz.health.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.241.86.84 Auckland, New Zealand, ASN134433 (REDSHIELD-AS-AP REDSHIELD SECURITY LIMITED, NZ),
Reverse DNS
Software
/
Resource Hash
0d4e46f58e98664a98c535e3e8b62381b44125ea3b1aa2ce99d7e9ac86ed919e
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hpd-dev-security.hanz.health.nz/

Response headers

Transfer-Encoding
chunked
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
cache-control
max-age=2592000,public, no-transform
content-encoding
gzip
etag
W/"657316e2-3a5f0"
x-content-type-options
nosniff
expires
Thu, 05 Dec 2024 23:22:16 GMT
date
Tue, 05 Nov 2024 23:22:16 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Fri, 08 Dec 2023 13:15:14 GMT
x-frame-options
DENY
GetFrontEndSettings
hpd-dev-security-api.hanz.health.nz/api/1.0/WebClient/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://hpd-dev-security-api.hanz.health.nz/api/1.0/WebClient/GetFrontEndSettings
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.241.86.84 Auckland, New Zealand, ASN134433 (REDSHIELD-AS-AP REDSHIELD SECURITY LIMITED, NZ),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-ms-command-name
Access-Control-Request-Method
GET
Origin
https://hpd-dev-security.hanz.health.nz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-ms-command-name
access-control-allow-methods
GET
access-control-allow-origin
https://hpd-dev-security.hanz.health.nz
access-control-max-age
7200
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
date
Tue, 05 Nov 2024 23:22:16 GMT
request-context
appId=cid-v1:bf95f569-d2da-4267-9891-50bd58a5ab0c
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
GetFrontEndSettings
hpd-dev-security-api.hanz.health.nz/api/1.0/WebClient/ 		264 B
844 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hpd-dev-security-api.hanz.health.nz/api/1.0/WebClient/GetFrontEndSettings
Requested by
Host: hpd-dev-security.hanz.health.nz
URL: https://hpd-dev-security.hanz.health.nz/static/js/main.94863d03.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.241.86.84 Auckland, New Zealand, ASN134433 (REDSHIELD-AS-AP REDSHIELD SECURITY LIMITED, NZ),
Reverse DNS
Software
/
Resource Hash
9f308fc3e4bda84f607c9e2e47a927d0b929637e4c82ba146e5bc4c671260653
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hpd-dev-security.hanz.health.nz/
x-ms-command-name
/ ms-rest-js/1.11.2 OS/Linuxx86_64
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type
application/json; charset=utf-8

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
access-control-allow-credentials
true
x-content-type-options
nosniff
request-context
appId=cid-v1:bf95f569-d2da-4267-9891-50bd58a5ab0c
access-control-allow-origin
https://hpd-dev-security.hanz.health.nz
content-length
264
date
Tue, 05 Nov 2024 23:22:16 GMT
x-xss-protection
1; mode=block
content-type
application/json; charset=utf-8
vary
Origin, Accept-Encoding
x-frame-options
DENY
favicon.ico
hpd-dev-security.hanz.health.nz/ 		15 KB
5 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://hpd-dev-security.hanz.health.nz/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
103.241.86.84 Auckland, New Zealand, ASN134433 (REDSHIELD-AS-AP REDSHIELD SECURITY LIMITED, NZ),
Reverse DNS
Software
/
Resource Hash
0c1b9a1a23657a45645e283586d5fdab4819f00086d3470d6858f1fde61f9e46
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hpd-dev-security.hanz.health.nz/users

Response headers

Transfer-Encoding
chunked
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
cache-control
max-age=2592000,public, no-transform
content-encoding
gzip
etag
W/"657316b5-3c2e"
x-content-type-options
nosniff
expires
Thu, 05 Dec 2024 23:22:16 GMT
date
Tue, 05 Nov 2024 23:22:16 GMT
x-xss-protection
1; mode=block
content-type
image/x-icon
last-modified
Fri, 08 Dec 2023 13:14:29 GMT
x-frame-options
DENY
instance
login.microsoftonline.com/common/discovery/ 		980 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/authorize
Requested by
Host: hpd-dev-security.hanz.health.nz
URL: https://hpd-dev-security.hanz.health.nz/static/js/main.94863d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:128::8 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
75401ef8bfd2a4b8b61ddda376a095a5d5e73b0ee93966ced2a7543cb4d2dd40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hpd-dev-security.hanz.health.nz/

Response headers

access-control-expose-headers
x-ms-srs
x-ms-ests-server
2.1.19343.4 - SCUS ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
date
Tue, 05 Nov 2024 23:22:17 GMT
content-type
application/json; charset=utf-8
x-ms-srs
1.P
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=86400, private
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
referrer-policy
strict-origin-when-cross-origin
x-ms-request-id
81c53dc7-9354-4e3f-b0dd-f58b61f30300
access-control-allow-origin
*
content-length
980
x-xss-protection
0
openid-configuration
login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/v2.0/.well-known/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/v2.0/.well-known/openid-configuration
Requested by
Host: hpd-dev-security.hanz.health.nz
URL: https://hpd-dev-security.hanz.health.nz/static/js/main.94863d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:128::8 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b8c5acb279bdfb749d6fa24d2e87b4f9294ee98bb57fc24822fdcafcbaed24b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://hpd-dev-security.hanz.health.nz/

Response headers

access-control-expose-headers
x-ms-srs
x-ms-ests-server
2.1.19343.4 - AUC ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
date
Tue, 05 Nov 2024 23:22:18 GMT
content-type
application/json; charset=utf-8
x-ms-srs
1.P
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=86400, private
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
referrer-policy
strict-origin-when-cross-origin
x-ms-request-id
981dbc1a-c1c0-4756-ab5e-9fc8d1473c00
access-control-allow-origin
*
content-length
1753
x-xss-protection
0
Primary Request authorize
login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/ 		42 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/authorize?client_id=1c7d770a-555b-4d67-9122-a2834a2cac5e&scope=profile%20openid%20offline_access&redirect_uri=https%3A%2F%2Fhpd-dev-security.hanz.health.nz%2Fauth-redirect&client-request-id=569e3e99-b66a-41be-90f5-ab5bf83e7622&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.30.0&client_info=1&code_challenge=_I4B9FmyYdGMru7-73FJM7TimCS4ABENWoCLVw-qjQo&code_challenge_method=S256&nonce=1bafd03a-4da9-4ed5-99f6-0f6c3756a86e&state=eyJpZCI6IjJhNzFhY2UxLTYwYWMtNDdhZi1iNjgyLTkzZjA3YWJhOTk3NiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Requested by
Host: hpd-dev-security.hanz.health.nz
URL: https://hpd-dev-security.hanz.health.nz/static/js/main.94863d03.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:130::3 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ab285b4c55527d96e9882282729f03d76642197c854f9da76cfa707cf944482b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://hpd-dev-security.hanz.health.nz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache
content-encoding
gzip
content-length
15605
content-type
text/html; charset=utf-8
date
Tue, 05 Nov 2024 23:22:19 GMT
expires
-1
link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-frame-options
DENY
x-ms-clitelem
1,0,0,,
x-ms-ests-server
2.1.19343.4 - AUSELR1 ProdSlices
x-ms-request-id
b21d1a59-53fd-4a33-aacb-2ce324145500
x-ms-srs
1.P
x-xss-protection
0
converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		111 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/494a2d87-24b5-42d8-8a3d-77448be1d46f/oauth2/v2.0/authorize?client_id=1c7d770a-555b-4d67-9122-a2834a2cac5e&scope=profile%20openid%20offline_access&redirect_uri=https%3A%2F%2Fhpd-dev-security.hanz.health.nz%2Fauth-redirect&client-request-id=569e3e99-b66a-41be-90f5-ab5bf83e7622&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.30.0&client_info=1&code_challenge=_I4B9FmyYdGMru7-73FJM7TimCS4ABENWoCLVw-qjQo&code_challenge_method=S256&nonce=1bafd03a-4da9-4ed5-99f6-0f6c3756a86e&state=eyJpZCI6IjJhNzFhY2UxLTYwYWMtNDdhZi1iNjgyLTkzZjA3YWJhOTk3NiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:247:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nwa/E7C6) /
Resource Hash
68c2994e21a564345eb3b4091dd2334c9cbddb0aecda45ee963c6de2e1629b93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/

Response headers

content-md5
8N6amNvfqMAnQs5tkvslJA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DCDDAB171F8006
age
3478554
x-ms-version
2009-09-19
x-cache
HIT
date
Tue, 05 Nov 2024 23:22:20 GMT
content-type
text/css
last-modified
Wed, 25 Sep 2024 21:43:27 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
2fe1eb36-d01e-0050-2136-104337000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
20400
x-ms-blob-type
BlockBlob
server
ECAcc (nwa/E7C6)
ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		0
0
ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
0
Me.htm
login.live.com/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
aadcdn.msftauth.net
URL
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
Domain
aadcdn.msftauth.net
URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
Domain
login.live.com
URL
https://login.live.com/Me.htm?v=3

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData

6 Cookies

Domain/Path Name / Value
login.microsoftonline.com/ Name: buid
Value: 1.AUEAhy1KSbUk2EKKPXdEi-HUbwp3fRxbVWdNkSKig0osrF5BAABBAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeXIuQHpt_rGJce_KV3TRY26RTjtCFz4B2irW-YMPtFHnCWvJgsQTt1uDu3KeCQ3voAC1S9rPF0UldX6tS1-Wx26EGc0Hzv0OjC63P8ZBM85EgAA
.login.microsoftonline.com/ Name: esctx
Value: PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe1ZN00evzf4oLfbpTz5EdI5jagSgOX9mVnBkRrdKVtTT1nws19Pqdnxf_UPQFrpeCvNpgpV4kq3NcWxpXTtPJcjsL7i8EDDfuVlAFaNsaTIc8anWWF-gKNTF5G3_F-m_TffoPiPn5O4EitsuZZf4WxrsIjDQIEKxqwjYnu4xs-j4gAA
.login.microsoftonline.com/ Name: esctx-OCmnR7g9Q8
Value: AQABCQEAAADW6jl31mB3T7ugrWTT8pFeVxJNpgjgX9oB9jFcEnNo7IB3FGMN0u8M9g0N9DxKnZRpSludFYM6mcmQurnKxs3Mz34rKVlUtp4g0vhyIxkHKDtUZuH78OdHEamaZK17VvPA444lfFr30LXgG5UlnkE5NlZ4qyUo1MGO6dOStJHxCSAA
login.microsoftonline.com/ Name: fpc
Value: AkoT6KJMt7pItuKiTXxvVmuaLL0LAQAAAKqfvN4OAAAA
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src data: https:; connect-src https: blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block