login-microsoftonline-8d818068.hafe1e.com Open in urlscan Pro
2.56.56.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www1.dramacool.ee/scripts/goto.php?url=https%3A%2F%2Frosimillaww.de%2Fvendor%2Fguzzle%2Freset%2F%3Feqp%3DdXNlcm5hb...
Effective URL:
https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=...
Submission: On June 29 via manual (June 29th 2022, 9:15:25 am UTC) from GB — Scanned from GB

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2.56.56.209, located in Netherlands and belongs to AS-SERVERION, US. The main domain is login-microsoftonline-8d818068.hafe1e.com.
TLS certificate: Issued by R3 on June 19th 2022. Valid for: 3 months.

This is the only time login-microsoftonline-8d818068.hafe1e.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::ac43:4741	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a01:4f8:d0a:... 2a01:4f8:d0a:6058::2	24940 (HETZNER-AS) (HETZNER-AS)
1 7	2.56.56.209 2.56.56.209	399471 (AS-SERVERION) (AS-SERVERION)
12	2

1 2606:4700:20::ac43:4741 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www1.dramacool.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f8:d0a:6058::2 (Gunzenhausen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

rosimillaww.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.56.56.209 (Netherlands) 1 redirects

ASN399471 (AS-SERVERION, US)

login-microsoftonline.hafe1e.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
login-microsoftonline-8d818068.hafe1e.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
login.hafe1e.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aadcdn-msftauth-8d818068.hafe1e.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	hafe1e.com 1 redirects login-microsoftonline.hafe1e.com login-microsoftonline-8d818068.hafe1e.com login.hafe1e.com aadcdn-msftauth-8d818068.hafe1e.com	322 KB
1	rosimillaww.de 1 redirects rosimillaww.de	152 B
1	dramacool.ee 1 redirects www1.dramacool.ee — Cisco Umbrella Rank: 208240	571 B
12	3

	Domain	Requested by
3	login-microsoftonline.hafe1e.com	1 redirects login-microsoftonline.hafe1e.com
2	login-microsoftonline-8d818068.hafe1e.com	login-microsoftonline.hafe1e.com login-microsoftonline-8d818068.hafe1e.com
1	aadcdn-msftauth-8d818068.hafe1e.com	login-microsoftonline-8d818068.hafe1e.com aadcdn-msftauth-8d818068.hafe1e.com
1	login.hafe1e.com	login-microsoftonline-8d818068.hafe1e.com
1	rosimillaww.de	1 redirects
1	www1.dramacool.ee	1 redirects
12	6

This site contains no links.

Subject Issuer	Validity	Valid
hafe1e.com R3	`2022-06-19` - `2022-09-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com&sso_reload=true
Frame ID: 9EED2EED9F7AFB88F85E5E7EA4C9D484
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www1.dramacool.ee/scripts/goto.php?url=https%3A%2F%2Frosimillaww.de%2Fvendor%2Fguzzle%2Freset%... HTTP 302
https://rosimillaww.de/vendor/guzzle/reset/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5... HTTP 302
https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Page URL
https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Page URL
https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=&sso_reload=true HTTP 302
https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553... Page URL
https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553... Page URL

Page Statistics

12
Requests

50 %
HTTPS

67 %
IPv6

3
Domains

6
Subdomains

2
IPs

3
Countries

321 kB
Transfer

1089 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www1.dramacool.ee/scripts/goto.php?url=https%3A%2F%2Frosimillaww.de%2Fvendor%2Fguzzle%2Freset%2F%3Feqp%3DdXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20= HTTP 302
https://rosimillaww.de/vendor/guzzle/reset/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20= HTTP 302
https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Page URL
https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Page URL
https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=&sso_reload=true HTTP 302
https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com Page URL
https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www1.dramacool.ee/scripts/goto.php?url=https%3A%2F%2Frosimillaww.de%2Fvendor%2Fguzzle%2Freset%2F%3Feqp%3DdXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20= HTTP 302
https://rosimillaww.de/vendor/guzzle/reset/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20= HTTP 302
https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=&

Request Chain 2

https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=&sso_reload=true HTTP 302
https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response login-microsoftonline.hafe1e.com/ Redirect Chain https://www1.dramacool.ee/scripts/goto.php?url=https%3A%2F%2Frosimillaww.de%2Fvendor%2Fguzzle%2Freset%2F%3Feqp%3DdXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20= https://rosimillaww.de/vendor/guzzle/reset/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20= https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=&	72 KB 25 KB	257ms 120ms	Document text/html	2.56.56.209 AS-SERVERION
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.56.56.209 , Netherlands, ASN399471 (AS-SERVERION, US), Reverse DNS Software nginx/1.21.6 / Resource Hash `4926e0bb7f96164c95cc29667667c26d05fd1d9df1924b6bd766fb4d76a26b11` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 09:15:20 GMT server nginx/1.21.6 vary Accept-Encoding Redirect headers content-length 0 content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 09:15:20 GMT location https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& server Apache
GET H2	200	/ Show response login-microsoftonline.hafe1e.com/	289 KB 84 KB	398ms 398ms	Document text/html	2.56.56.209 AS-SERVERION
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Requested by Host: login-microsoftonline.hafe1e.com URL: https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.56.56.209 , Netherlands, ASN399471 (AS-SERVERION, US), Reverse DNS Software nginx/1.21.6 / Resource Hash `666b3a46c64adec567628750ade191c1cccc5c4e898aea21e03feb255109e181` Request headers Referer https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 09:15:21 GMT nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity-nel-measure-office-8d818068.hafe1e.com/api/report?catId=GW+estsfd+ams2"}]} server nginx/1.21.6 vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.13006.6 - NEULR1 ProdSlices x-ms-request-id f535e7c8-effc-48c6-adb0-f41c37d5be00
GET H2	200	authorize Show response login-microsoftonline-8d818068.hafe1e.com/common/oauth2/ Redirect Chain https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=&sso_reload=true https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.h...	150 KB 54 KB	928ms 884ms	Document text/html	2.56.56.209 AS-SERVERION
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com Requested by Host: login-microsoftonline.hafe1e.com URL: https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.56.56.209 , Netherlands, ASN399471 (AS-SERVERION, US), Reverse DNS Software nginx/1.21.6 / Resource Hash `82e0ba9e9903e7fd4b20d179b84a358c2f99f643988efd314a1320d31dc73383` Request headers Referer https://login-microsoftonline.hafe1e.com/?eqp=dXNlcm5hbWU9ZmlnZW4uZGF5YW5AY29sbGluc2Flcm9zcGFjZS5jb20=& Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 09:15:22 GMT p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx/1.21.6 vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.13006.6 - BNO1 ProdSlices x-ms-request-id 33d7b5b8-9d2e-4493-8196-a67bbaec4500 Redirect headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 09:15:21 GMT location https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com# nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity-nel-measure-office-8d818068.hafe1e.com/api/report?catId=GW+estsfd+ams2"}]} server nginx/1.21.6 vary Accept-Encoding x-ms-ests-server 2.1.13006.6 - NEULR2 ProdSlices x-ms-request-id 2363ac94-f0ef-464f-9e5b-4748f9a24400
GET H2	200	Primary Request authorize Show response login-microsoftonline-8d818068.hafe1e.com/common/oauth2/	197 KB 50 KB	977ms 977ms	Document text/html	2.56.56.209 AS-SERVERION
General Check archive.org Show headers Download Go to Full URL https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com&sso_reload=true Requested by Host: login-microsoftonline-8d818068.hafe1e.com URL: https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.56.56.209 , Netherlands, ASN399471 (AS-SERVERION, US), Reverse DNS Software nginx/1.21.6 / Resource Hash `8090b8c231695d9dbd38314782e176b8bd02614c5037f6cfc4a06cbd89bb25e7` Request headers Referer https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Wed, 29 Jun 2022 09:15:23 GMT p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx/1.21.6 vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.13006.6 - BNO1 ProdSlices x-ms-request-id 6ebbb29b-f071-4b95-af40-aa5f2a6c0000
GET H2	200	Me.htm login.hafe1e.com/	0 0	418ms 379ms	Other text/html	2.56.56.209 AS-SERVERION
General Check archive.org Show headers Download Go to Full URL https://login.hafe1e.com/Me.htm?v=3 Requested by Host: login-microsoftonline-8d818068.hafe1e.com URL: https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.56.56.209 , Netherlands, ASN399471 (AS-SERVERION, US), Reverse DNS Software / Resource Hash Request headers accept-language en-GB,en;q=0.9 Referer https://login-microsoftonline-8d818068.hafe1e.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers
GET H2	200	ConvergedLogin_PCore_UbUmcyGu3AmHaoehHvoQJA2.js Show response aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/js/	379 KB 108 KB	617ms 489ms	Script application/x-javascript	2.56.56.209 AS-SERVERION
General Check archive.org Show headers Download Go to Full URL https://aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/js/ConvergedLogin_PCore_UbUmcyGu3AmHaoehHvoQJA2.js Requested by Host: login-microsoftonline-8d818068.hafe1e.com URL: https://login-microsoftonline-8d818068.hafe1e.com/common/oauth2/authorize?response_type=code&client_id=57a5ab81-7267-4f0d-9553-ed948573d5c6&scope=&redirect_uri=https%3a%2f%2flogin-microsoftonline.hafe1e.com%2fcommon%2ffederation%2foauth2&response_mode=form_post&windows_api_version=&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQipLP0Zm2757Dg0fLVhnXtd2YxSuTkp2fmYegsLb7AyPiCkXESk0JaZnpqnl5KYmVinkNyfg5QujgxFai4IDEZbMMtJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQkVPWJCu__-DvNi_a3ePnIheGU6z6wTlmZd5unpEVwXmlJcZBQaHOFcYpSYFlYeG5BV6pOX5FhXkV_hWuJW76FrYGVoYT2IROsTF8YGPsYGeYxc5wgJPxEJcQphcP8DL84NvTs3vpv63T3noAAA2&login_hint=figen.dayan%40collinsaerospace.com&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.56.56.209 , Netherlands, ASN399471 (AS-SERVERION, US), Reverse DNS Software nginx/1.21.6 / Resource Hash `37da098f5c27433b58f3212e4816e8f96d7b3f216b248d8ba572688c1d10a196` Request headers Referer https://login-microsoftonline-8d818068.hafe1e.com/ Origin https://login-microsoftonline-8d818068.hafe1e.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Wed, 29 Jun 2022 09:15:24 GMT content-encoding gzip last-modified Thu, 26 May 2022 23:21:49 GMT server nginx/1.21.6 age 2827482 vary Accept-Encoding, Accept-Encoding x-cache HIT content-type application/x-javascript access-control-allow-origin * x-ms-request-id 21bc3279-601e-001b-37e1-71b5e2000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET		oneDs_6ca86789a5ca36d5de0c.js aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/js/	0 0

GET		converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css aadcdn-msftauth-8d818068.hafe1e.com/ests/2.1/content/cdnbundles/	0 0

GET		ux.converged.login.strings-en-gb.min_jbiwzm7cmotgi6xpyjysgg2.js aadcdn-msftauth-8d818068.hafe1e.com/ests/2.1/content/cdnbundles/	0 0

GET		convergedlogin_pcustomizationloader_87a35ded5475e7847fb4.js aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/js/asyncchunk/	0 0

GET		2_bc3d32a696895f78c19df6c717586a5d.svg aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/images/backgrounds/	0 0

GET		microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/images/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: aadcdn-msftauth-8d818068.hafe1e.com
URL: https://aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/js/oneDs_6ca86789a5ca36d5de0c.js

Domain: aadcdn-msftauth-8d818068.hafe1e.com
URL: https://aadcdn-msftauth-8d818068.hafe1e.com/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css

Domain: aadcdn-msftauth-8d818068.hafe1e.com
URL: https://aadcdn-msftauth-8d818068.hafe1e.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_jbiwzm7cmotgi6xpyjysgg2.js

Domain: aadcdn-msftauth-8d818068.hafe1e.com
URL: https://aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_87a35ded5475e7847fb4.js

Domain: aadcdn-msftauth-8d818068.hafe1e.com
URL: https://aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

Domain: aadcdn-msftauth-8d818068.hafe1e.com
URL: https://aadcdn-msftauth-8d818068.hafe1e.com/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hafe1e.com/	1970-01-20 12:53:50	Name: __CDf4 Value: OGQ4MTgwNjgtNjYwMS00OTdmLTljZWMtNDU5ZGVhZGYzNTQyOmU3YzEyMjY1LWQ3YzYtNDFlYS04NDNkLWVjOWU3YmNjNTJjMw==
.login-microsoftonline.hafe1e.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login-microsoftonline.hafe1e.com/	1970-01-20 04:08:14	Name: SSOCOOKIEPULLED Value: 1
login-microsoftonline-8d818068.hafe1e.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsusgov
login-microsoftonline-8d818068.hafe1e.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: 001
.login-microsoftonline-8d818068.hafe1e.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login-microsoftonline-8d818068.hafe1e.com/	1970-01-20 04:08:14	Name: SSOCOOKIEPULLED Value: 1
.hafe1e.com/	1969-12-31 23:59:59	Name: esctx Value: AQABAAAAAgBXxJ9NxOLiQKGXj-vdb8Bdo4preqBMrV_E4zsh9VBqxVFHikomnF3kFKDqv-cGgZQpQcE8bSxZ6JBrhkifRN8NADZ5LHV5rtSKU_GGqBD9-IyXr66u44OoS_p9U-YpQ1H2V4jv9cWM6CQie5slmWVD-CXGZqJiDNRkpNdHQmTtdiJvT_pbNQbwTiIzkAxYCDYgAA
login-microsoftonline-8d818068.hafe1e.com/	1970-02-08 08:59:40	Name: buid Value: 0.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.AQABAAEAAgBXxJ9NxOLiQKGXj-vdb8BdQN_fIxDXpz3svxzXOuX4MIFifAvz8Xr_TW7Q8gUWYXOEUC_Qe6cFwjdSwJ0-tyZon5hbBtBaJ5ANzg8bWUy828a8omg4_ozeHr8DQ9wweUAgAA
login-microsoftonline-8d818068.hafe1e.com/	1970-02-08 08:59:40	Name: fpc Value: AkOO6f5WVZlAqahwWotvcTdJsoi4AQAAACsPTtoOAAAA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn-msftauth-8d818068.hafe1e.com
login-microsoftonline-8d818068.hafe1e.com
login-microsoftonline.hafe1e.com
login.hafe1e.com
rosimillaww.de
www1.dramacool.ee
aadcdn-msftauth-8d818068.hafe1e.com
2.56.56.209
2606:4700:20::ac43:4741
2a01:4f8:d0a:6058::2
37da098f5c27433b58f3212e4816e8f96d7b3f216b248d8ba572688c1d10a196
4926e0bb7f96164c95cc29667667c26d05fd1d9df1924b6bd766fb4d76a26b11
666b3a46c64adec567628750ade191c1cccc5c4e898aea21e03feb255109e181
8090b8c231695d9dbd38314782e176b8bd02614c5037f6cfc4a06cbd89bb25e7
82e0ba9e9903e7fd4b20d179b84a358c2f99f643988efd314a1320d31dc73383

login-microsoftonline-8d818068.hafe1e.com Open in urlscan Pro 2.56.56.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

12 Requests

50 %HTTPS

67 %IPv6

3 Domains

6 Subdomains

2 IPs

3 Countries

321 kBTransfer

1089 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

10 Cookies

Indicators

login-microsoftonline-8d818068.hafe1e.com Open in urlscan Pro
2.56.56.209 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

50 %
HTTPS

67 %
IPv6

3
Domains

6
Subdomains

2
IPs

3
Countries

321 kB
Transfer

1089 kB
Size

10
Cookies

12 HTTP transactions
0 data transactions