Submitted URL: https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQU9tVVJlaVVSUUdUaDluaTJHeG9SOXJwcER0SzROUT0iLCJocmVmIjoiaHR0cHM6...
Effective URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Submission: On December 02 via api from US — Scanned from US

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 32 HTTP transactions. The main IP is 2603:1037:1:130::6, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 10.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 29th 2024. Valid for: 6 months.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 108.139.29.121 16509 (AMAZON-02)
9 13.226.94.54 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2603:1037:1:1... 8075 (MICROSOFT...)
11 2606:2800:11f... 15133 (EDGECAST)
1 20.190.190.193 8075 (MICROSOFT...)
2 2620:1ec:bdf::40 8075 (MICROSOFT...)
1 2603:1037:1:8::4 8075 (MICROSOFT...)
1 51.116.253.168 8075 (MICROSOFT...)
32 11
Apex Domain
Subdomains
Transfer
11 msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 876
395 KB
10 workhuman.com
click1.workhuman.com — Cisco Umbrella Rank: 546702
cloud.workhuman.com — Cisco Umbrella Rank: 40257
idp.workhuman.com — Cisco Umbrella Rank: 99493
359 KB
2 msftauthimages.net
aadcdn.msftauthimages.net — Cisco Umbrella Rank: 3227
256 KB
2 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 10
17 KB
2 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 1024
a15928870500.cdn.optimizely.com — Cisco Umbrella Rank: 105388
rum.optimizely.com Failed
89 KB
1 microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 94 Failed
1 microsoftazuread-sso.com
autologon.microsoftazuread-sso.com — Cisco Umbrella Rank: 1114
2 KB
1 live.com
login.live.com — Cisco Umbrella Rank: 61
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
32 9
Domain Requested by
11 aadcdn.msftauth.net login.microsoftonline.com
aadcdn.msftauth.net
7 cloud.workhuman.com cloud.workhuman.com
2 aadcdn.msftauthimages.net
2 login.microsoftonline.com aadcdn.msftauth.net
2 idp.workhuman.com
1 browser.events.data.microsoft.com aadcdn.msftauth.net
1 autologon.microsoftazuread-sso.com
1 login.live.com login.microsoftonline.com
1 a15928870500.cdn.optimizely.com cdn.optimizely.com
1 fonts.googleapis.com cloud.workhuman.com
1 cdn.optimizely.com cloud.workhuman.com
1 click1.workhuman.com 1 redirects
0 rum.optimizely.com Failed cdn.optimizely.com
32 13

This site contains links to these domains.

Domain
www.microsoft.com
privacy.microsoft.com
Subject | Issuer | Validity | Valid
*.workhuman.com | Amazon RSA 2048 M02 | 2024-11-27 - 2025-12-26 | a year
cdn.optimizely.com | WE1 | 2024-10-21 - 2025-01-19 | 3 months
upload.video.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
stamp2.login.microsoftonline.com | DigiCert SHA2 Secure Server CA | 2024-08-29 - 2025-02-28 | 6 months
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2024-05-25 - 2025-05-25 | a year
login.live.com | DigiCert SHA2 Secure Server CA | 2024-08-26 - 2025-02-26 | 6 months
aadcdn.msftauthimages.net | Microsoft Azure RSA TLS Issuing CA 03 | 2024-09-12 - 2025-09-07 | a year
autologon.microsoftazuread-sso.com | DigiCert SHA2 Secure Server CA | 2024-10-06 - 2025-04-06 | 6 months
*.events.data.microsoft.com | Microsoft Azure RSA TLS Issuing CA 08 | 2024-09-27 - 2025-09-22 | a year

This page contains 2 frames:

Primary Page: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Frame ID: 253D278441DD9494C48DEFDD1B01E09F
Requests: 30 HTTP requests in this frame

Frame: https://a15928870500.cdn.optimizely.com/client_storage/a15928870500.html
Frame ID: EAE2DEBE1AF6D5130523CAC5839E738C
Requests: 1 HTTP requests in this frame

Page Title

Sign in to your account

Detected technologies

Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

32 Requests
94 % HTTPS
64 % IPv6
9 Domains
13 Subdomains
11 IPs
2 Countries
1117 kB Transfer
3268 kB Size
21 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQU9tVVJlaVVSUUdUaDluaTJHeG9SOXJwcER0SzROUT0iLCJocmVmIjoiaHR0cHM6Ly9jbG91ZC53b3JraHVtYW4uY29tL3N0b3JlLz91dG1fc291cmNlPWNpb1x1MDAyNnV0bV9tZWRpdW09ZW1haWxcdTAwMjZ1dG1fY2FtcGFpZ249Q3liZXJfV2Vla19SZWRlbXB0aW9uX0NhbXBhaWduX1JFRDI0LTAxNFx1MDAyNnV0bV9jb250ZW50PTEyMjRfcnJfY3liZXJfdXNfX2J0bjEjIXNhYnJlL2NvbGxlY3Rpb25zL2N5YmVyX3dlZWtfc2FsZV9ub3YyNF91c2EiLCJpbnRlcm5hbCI6ImYzYjQwNjI1ZjhiNDAxZTk5NDQ1IiwibGlua19pZCI6NTM3fQ/5efa709746aa02a12eb97998f784ad752405b5adb5224fd8ed0759bada96f492 HTTP 302
    https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1 Page URL
  2. https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=sabre&targetUrl=%2Fstore%2F%3Futm_source%3Dcio%26utm_medium%3Demail%26utm_campaign%3DCyber_Week_Redemption_Campaign_RED24-014%26utm_content%3D1224_rr_cyber_us__btn1%23%2Fsabre%2Fcollections%2Fcyber_week_sale_nov24_usa Page URL
  3. https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://sts.windows.net/03ceccf2-fe27-4c66-abdb-699141848e61/&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dsabre Page URL
  4. https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQU9tVVJlaVVSUUdUaDluaTJHeG9SOXJwcER0SzROUT0iLCJocmVmIjoiaHR0cHM6Ly9jbG91ZC53b3JraHVtYW4uY29tL3N0b3JlLz91dG1fc291cmNlPWNpb1x1MDAyNnV0bV9tZWRpdW09ZW1haWxcdTAwMjZ1dG1fY2FtcGFpZ249Q3liZXJfV2Vla19SZWRlbXB0aW9uX0NhbXBhaWduX1JFRDI0LTAxNFx1MDAyNnV0bV9jb250ZW50PTEyMjRfcnJfY3liZXJfdXNfX2J0bjEjIXNhYnJlL2NvbGxlY3Rpb25zL2N5YmVyX3dlZWtfc2FsZV9ub3YyNF91c2EiLCJpbnRlcm5hbCI6ImYzYjQwNjI1ZjhiNDAxZTk5NDQ1IiwibGlua19pZCI6NTM3fQ/5efa709746aa02a12eb97998f784ad752405b5adb5224fd8ed0759bada96f492 HTTP 302
  • https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1

32 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
cloud.workhuman.com/store/
Redirect Chain
  • https://click1.workhuman.com/e/c/eyJlbWFpbF9pZCI6ImRnVHp0QVlBQU9tVVJlaVVSUUdUaDluaTJHeG9SOXJwcER0SzROUT0iLCJocmVmIjoiaHR0cHM6Ly9jbG91ZC53b3JraHVtYW4uY29tL3N0b3JlLz91dG1fc291cmNlPWNpb1x1MDAyNnV0bV9t...
  • https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1
5 KB
2 KB
Document
General
Full URL
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
470313a4964b154dcca777f899dc3899caaded34876c27ad438b524b47fdd06c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0
content-encoding
br
content-type
text/html
date
Mon, 02 Dec 2024 18:12:16 GMT
etag
W/"10a05f4efdf2e07ce4463cc08923711e"
last-modified
Thu, 21 Nov 2024 10:37:27 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
x-amz-cf-id
IJjvSO2Qg_t-IWiN-9NreHQGd35vL--8YU5w5gBLfPKjzbliBo6_uA==
x-amz-cf-pop
JFK52-P10
x-amz-id-2
QxAKahw6Efn1z8jUUPSnfeY2axSehqS2WWuLZMJlixD7fyx/1kvx2QQdE/6wIxZOHxBl/noVYig=
x-amz-request-id
80DCSAYBW9CXF441
x-amz-server-side-encryption
AES256
x-amz-version-id
BMp05jUFBpM1gIrF8cMkyZbXngr2p2x9
x-cache
Hit from cloudfront

Redirect headers

access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
0
date
Mon, 02 Dec 2024 18:12:15 GMT
location
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1#!sabre/collections/cyber_week_sale_nov24_usa
via
1.1 google, 1.1 ed016821a44f073856f1ffba399e1728.cloudfront.net (CloudFront)
x-amz-cf-id
MO5LUfg3WiDNQD0wBFpKiCcBgk1XWjk73vUHj0SuoSmec5teeGAdeQ==
x-amz-cf-pop
JFK50-P2
x-cache
Miss from cloudfront
16969570298.js
cdn.optimizely.com/js/
289 KB
89 KB
Script
General
Full URL
https://cdn.optimizely.com/js/16969570298.js
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2463212b7e35758d70f02ed5feb46f7ee3a73fe1b935437464af1918198d4755

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://cloud.workhuman.com/

Response headers

access-control-max-age
86400
access-control-expose-headers
x-amz-meta-revision
content-encoding
gzip
cf-cache-status
HIT
etag
"6c26656e712452ec17d24336071e6659"
x-amz-version-id
4hoUgrr8HGuSFEza25ktukRMCNP92g5u
age
275
access-control-allow-methods
GET, HEAD
date
Mon, 02 Dec 2024 18:12:16 GMT
x-amz-meta-revision
7484
content-type
text/javascript; charset=utf-8
last-modified
Wed, 13 Nov 2024 11:15:22 GMT
vary
Accept-Encoding
x-amz-id-2
b1FfqN/T5hyHklkg99J6mL8/LNWnPrAiEe5xxVyt3+uUtMtyjL9jYWVSGivGcbrTKJPjZWZAjuc=
access-control-allow-headers
*
x-amz-replication-status
COMPLETED
cache-control
max-age=120
timing-allow-origin
*
x-amz-meta-pci_enabled
False
access-control-allow-credentials
false
x-amz-request-id
65537X0222VF4PHC
cf-ray
8ebd48c61b0b2a98-LAX
accept-ranges
bytes
access-control-allow-origin
*
content-length
90100
server
cloudflare
x-amz-server-side-encryption
AES256
main.c08ced93.js
cloud.workhuman.com/store/static/js/
1 MB
321 KB
Script
General
Full URL
https://cloud.workhuman.com/store/static/js/main.c08ced93.js
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
272ade96a845dd6e22d1147010a68752191cd8e9a2e0c1e6c238c1d30ccd52b1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1

Response headers

content-encoding
br
x-amz-version-id
oAmWND7PHEqiiMqw6XFTNOYsT8kKM25A
etag
W/"c5ff73883325e795f7b6555404a5e9fe"
age
40638
x-cache
Hit from cloudfront
x-amz-cf-id
8TFg8Cupt6kkJe30toD6kHEljlpS1_xe0i761JrB7UB5RzeN-Wj55A==
date
Mon, 02 Dec 2024 06:55:00 GMT
content-type
text/javascript
vary
Accept-Encoding
last-modified
Thu, 21 Nov 2024 10:37:28 GMT
x-amz-id-2
7InGGxZlQMxVmJF4hbVAGvIYu4SfBuBZZB9b5JXkIstxmTwjkmOVxScjGMqFiVb7z/dB2aztPUY=
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
x-amz-request-id
1HY3N4WNYPMHKXBN
x-amz-cf-pop
JFK52-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
main.4f3a8026.css
cloud.workhuman.com/store/static/css/
147 KB
29 KB
Stylesheet
General
Full URL
https://cloud.workhuman.com/store/static/css/main.4f3a8026.css
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
604409c0c06f54d03fabf909870af6401d57e23be4575cd313adab9f9dd60871

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1

Response headers

content-encoding
br
x-amz-version-id
.GvX1r0G7w.zAl1qjBQ3U_ATWBVPpRef
etag
W/"36091748c49c7f482350518a796891e8"
age
43379
x-cache
Hit from cloudfront
x-amz-cf-id
SGOWi8Gn3L3-AGS7cHU_19ZHStYbUbeT_C5Ed5kYR7bNWp3bdM0unw==
date
Mon, 02 Dec 2024 06:09:18 GMT
content-type
text/css
vary
Accept-Encoding
last-modified
Thu, 21 Nov 2024 10:37:28 GMT
x-amz-id-2
XXDI4se3+176dy7x4GQhn4ak4f7NjrefbMGnmqiaH99e1msX5AWgRj4yla+8+QBxXNbs7UlJTMc=
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
x-amz-request-id
H7CQ9MJ2F5W0CDBQ
x-amz-cf-pop
JFK52-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
css2
fonts.googleapis.com/
10 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Slab:wght@400;700&family=Roboto:wght@400;700&display=swap
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bf3ba99687db725599d7193e7a631fb7637b7d14ed4160c1dd23676f17c48499
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://cloud.workhuman.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 02 Dec 2024 18:12:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 02 Dec 2024 18:12:17 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 02 Dec 2024 17:04:10 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
a15928870500.html
a15928870500.cdn.optimizely.com/client_storage/ Frame EAE2
0
0
Document
General
Full URL
https://a15928870500.cdn.optimizely.com/client_storage/a15928870500.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/16969570298.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://cloud.workhuman.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
305
cache-control
max-age=120
cf-cache-status
HIT
cf-ray
8ebd48c8ba0908e4-LAX
content-encoding
gzip
content-length
878
content-type
text/html; charset=utf-8
date
Mon, 02 Dec 2024 18:12:17 GMT
etag
"ead1edece623bbf01b4dec4a602c8ede"
last-modified
Mon, 02 Dec 2024 17:12:10 GMT
server
cloudflare
server-timing
cfCacheStatus;desc="HIT"
vary
Accept-Encoding
x-amz-id-2
JChNTCusAcMbxoVVQuYD3NmUHjEqVOOD+qD1FIS78NmxhKDtOIPBItj8IZBSrE47hw1sdQRYcMw=
x-amz-meta-pci_enabled
False
x-amz-replication-status
COMPLETED
x-amz-request-id
ZJEP4448C28VVPE2
x-amz-server-side-encryption
AES256
x-amz-version-id
23egIugxPqucFdmC2aWUmlj06hPP6fgd
userSessionAuthToken
cloud.workhuman.com/microsites/login/
91 B
1 KB
XHR
General
Full URL
https://cloud.workhuman.com/microsites/login/userSessionAuthToken
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/static/js/main.c08ced93.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1

Response headers

x-robots-tag
noindex
x-content-type-options
nosniff
expires
Sat, 6 May 1995 12:00:00 GMT
x-cache
Error from cloudfront
x-amz-cf-id
4YnZCu3y1AWKyOVI0xsCEcBeTPKFScWW1O4o8Y6L9-f4XTGFy74RrA==
date
Mon, 02 Dec 2024 18:12:17 GMT
content-type
application/json;charset=utf-8
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
content-length
91
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK52-P10
server
Apache
rum
rum.optimizely.com/
0
0

favicon.ico
cloud.workhuman.com/
300 B
924 B
Other
General
Full URL
https://cloud.workhuman.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1

Response headers

x-robots-tag
noindex
etag
"12c-627872e1d3c00"
age
38645
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
tQIDt6V7tmi3ktsZcdUcivq6Xo7BuOOAmFwFOAZEjqEFiULCBfdqSA==
date
Mon, 02 Dec 2024 07:28:12 GMT
content-type
image/x-ico
last-modified
Fri, 22 Nov 2024 21:36:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
cache-control
max-age=31536000
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
300
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK52-P10
server
Apache
forwardToInternalApp
cloud.workhuman.com/microsites/t/apps/
624 B
2 KB
Document
General
Full URL
https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=sabre&targetUrl=%2Fstore%2F%3Futm_source%3Dcio%26utm_medium%3Demail%26utm_campaign%3DCyber_Week_Redemption_Campaign_RED24-014%26utm_content%3D1224_rr_cyber_us__btn1%23%2Fsabre%2Fcollections%2Fcyber_week_sale_nov24_usa
Requested by
Host: cloud.workhuman.com
URL: https://cloud.workhuman.com/store/static/js/main.c08ced93.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cloud.workhuman.com/store/?utm_source=cio&utm_medium=email&utm_campaign=Cyber_Week_Redemption_Campaign_RED24-014&utm_content=1224_rr_cyber_us__btn1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
624
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
content-type
text/html;charset=ISO-8859-1
date
Mon, 02 Dec 2024 18:12:17 GMT
expires
01 Apr 1995 01:10:10 GMT
pragma
no-cache
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
x-amz-cf-id
zw-BfTCg2YR9ESw590jMB0niuTE9jIgy-_e5pTOU8LDQ-frS9N1Dyg==
x-amz-cf-pop
JFK52-P10
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-robots-tag
noindex
x-xss-protection
1; mode=block
startSSO.ping
idp.workhuman.com/sp/
2 KB
2 KB
Document
General
Full URL
https://idp.workhuman.com/sp/startSSO.ping?PartnerIdpId=https://sts.windows.net/03ceccf2-fe27-4c66-abdb-699141848e61/&TARGET=https%3A%2F%2Fcloud.workhuman.com%2Fmicrosites%2Fmotivation%2FSSOEntryPoint%3Fclient%3Dsabre
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://cloud.workhuman.com
Referer
https://cloud.workhuman.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-length
1555
content-type
text/html;charset=utf-8
date
Mon, 02 Dec 2024 18:12:18 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
referrer-policy
origin
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
x-amz-cf-id
g82u229mjydPlKVNbvEcCyyY-GPr1_67pcODMArQVAFootWb0SDy_Q==
x-amz-cf-pop
JFK52-P10
x-cache
Miss from cloudfront
x-frame-options
SAMEORIGIN
favicon.ico
cloud.workhuman.com/
300 B
0
Other
General
Full URL
https://cloud.workhuman.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://cloud.workhuman.com/microsites/t/apps/forwardToInternalApp?client=sabre&targetUrl=%2Fstore%2F%3Futm_source%3Dcio%26utm_medium%3Demail%26utm_campaign%3DCyber_Week_Redemption_Campaign_RED24-014%26utm_content%3D1224_rr_cyber_us__btn1%23%2Fsabre%2Fcollections%2Fcyber_week_sale_nov24_usa

Response headers

x-robots-tag
noindex
etag
"12c-627872e1d3c00"
age
38645
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
tQIDt6V7tmi3ktsZcdUcivq6Xo7BuOOAmFwFOAZEjqEFiULCBfdqSA==
date
Mon, 02 Dec 2024 07:28:12 GMT
content-type
image/x-ico
last-modified
Fri, 22 Nov 2024 21:36:48 GMT
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
cache-control
max-age=31536000
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
300
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK52-P10
server
Apache
Primary Request saml2
login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/
38 KB
16 KB
Document
General
Full URL
https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:130::6 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
77481690fd17c4427726e7a4cf78561a54d03ba3c862796c8f1b683e66294fd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://idp.workhuman.com
Referer
https://idp.workhuman.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache
content-encoding
gzip
content-length
14517
content-security-policy-report-only
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-TMbJ_tccQ354sFQ_5nQvTg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net 'report-sample'; img-src 'self' data: https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
content-type
text/html; charset=utf-8
date
Mon, 02 Dec 2024 18:12:18 GMT
expires
-1
link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-frame-options
DENY
x-ms-ests-server
2.1.19492.3 - SCUS ProdSlices
x-ms-request-id
0b626389-42c9-4b5e-89c9-588a5f87e500
x-ms-srs
1.P
x-xss-protection
0
favicon.ico
idp.workhuman.com/
300 B
926 B
Other
General
Full URL
https://idp.workhuman.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.94.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-94-54.jfk52.r.cloudfront.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://idp.workhuman.com/

Response headers

x-robots-tag
noindex
etag
"12c-627872e1d3c00"
age
38646
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
OZuxZ2fPEY6jczjD-1kVXHDEB__gzyKbPKFIlMBn2M5YEZ9UXp2mkw==
date
Mon, 02 Dec 2024 07:28:12 GMT
content-type
image/x-ico
last-modified
Fri, 22 Nov 2024 21:36:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com teams.microsoft.com.mcas.ms teams.microsoft.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce
cache-control
max-age=31536000
via
1.1 884e9540b32f06547183ac58410aeea6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
300
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK52-P10
server
Apache
converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
111 KB
20 KB
Stylesheet
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/5597) /
Resource Hash
68c2994e21a564345eb3b4091dd2334c9cbddb0aecda45ee963c6de2e1629b93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/

Response headers

content-md5
8N6amNvfqMAnQs5tkvslJA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DCDDAB171F8006
age
5803584
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:19 GMT
content-type
text/css
last-modified
Wed, 25 Sep 2024 21:43:27 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
1824d109-f01e-002b-7c1d-10d402000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
20400
x-ms-blob-type
BlockBlob
server
ECAcc (lac/5597)
ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
aadcdn.msftauth.net/shared/1.0/content/js/
439 KB
120 KB
Script
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/559F) /
Resource Hash
0030e7479cdc07327aa070fe746f5b2ecd366ce3a6ee1e9e83547dc7703a59e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/

Response headers

content-md5
ABUpLq9YtGgLSjA/fBU6NQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DCF399B77640D7
age
3021491
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:19 GMT
content-type
application/x-javascript
last-modified
Wed, 23 Oct 2024 19:34:31 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
bf0b6e55-301e-00ea-7f6a-29ed02000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
122341
x-ms-blob-type
BlockBlob
server
ECAcc (lac/559F)
ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/
56 KB
16 KB
Script
General
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55D1) /
Resource Hash
993a5748db7b6bc125f88788845a7599234130bce2858b528071035488cb886d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/

Response headers

content-md5
GHueukH99mssj362RdK8Fw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DCF55E8343790A
age
3021491
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:19 GMT
content-type
application/x-javascript
last-modified
Sat, 26 Oct 2024 01:35:45 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
93c837aa-201e-00b0-2e6a-29c0ae000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
16345
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55D1)
Me.htm
login.live.com/
0
0
Other
General
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.190.193 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

oneDs_f2e0f4a029670f10d892.js
aadcdn.msftauth.net/shared/1.0/content/js/
186 KB
60 KB
Script
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55C5) /
Resource Hash
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
wegr9xrdYirQ87+FcvY0/A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DB5D44A2CEB430
age
21880399
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 25 May 2023 17:22:37 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
09a53886-401e-00f7-0de5-7d2e7d000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
61052
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55C5)
convergedlogin_pcustomizationloader_117b650bccea354984d8.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/
397 KB
114 KB
Script
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55E1) /
Resource Hash
da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
LT++1t3XGfzBv7UAthL87A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DCBD52F37806EC
age
8183265
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:19 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:51:54 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
885dec24-001e-001e-5478-fa6dbf000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
116365
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55E1)
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msftauth.net/shared/1.0/content/images/
17 KB
17 KB
Other
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55C7) /
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
EuPayFgGHQiAI7K9SOL6lg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
etag
0x8D8731240E548EB
age
19036378
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:19 GMT
content-type
image/x-icon
last-modified
Sun, 18 Oct 2020 03:02:30 GMT
cache-control
public, max-age=31536000
x-ms-request-id
d30f1fa7-901e-00a6-74c3-97664c000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
17174
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55C7)
convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/
15 KB
6 KB
Script
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55BF) /
Resource Hash
bc6804d058d5bd5b24fc04e479fc8973bef5d3efeafaa9c19c60a009bf0fac0b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
betEqf4nMmbvq8MhS5mLoA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DCBD52F3A242D0
age
9061303
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:20 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:51:55 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
f87b7a05-b01e-0034-437c-f2b2af000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
5529
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55BF)
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
aadcdn.msftauth.net/shared/1.0/content/images/
3 KB
3 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55AB) /
Resource Hash
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
Fm3lNHEmUlOrOkVt7+baIw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
etag
0x8DB5C3F4982FD30
age
11922379
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:20 GMT
content-type
image/gif
last-modified
Wed, 24 May 2023 10:11:48 GMT
cache-control
public, max-age=31536000
x-ms-request-id
e68a0702-a01e-0044-0e76-d8def1000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
2672
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55AB)
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
aadcdn.msftauth.net/shared/1.0/content/images/
4 KB
4 KB
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55B3) /
Resource Hash
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
tUCo5RgDcZLjLE/li/Lbqw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
etag
0x8DB5C3F492F3EE5
age
21880240
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:20 GMT
content-type
image/gif
last-modified
Wed, 24 May 2023 10:11:48 GMT
cache-control
public, max-age=31536000
x-ms-request-id
49b45938-601e-00e5-1be5-7dc85b000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
3620
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55B3)
illustration
aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/
252 KB
253 KB
Image
General
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/illustration?ts=636966718686804972
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bd31b5ad4e0e741f2066270580ff1324e97e726e5a3f42b2c11c06978600db4e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D6F5DB199C57DE
x-fd-int-roxy-purgeid
50755578
x-content-type-options
nosniff
x-cache
TCP_HIT
date
Mon, 02 Dec 2024 18:12:20 GMT
content-type
image/*
last-modified
Thu, 20 Jun 2019 23:57:49 GMT
cache-control
public, max-age=86400
x-ms-request-id
6b2d0e69-601e-0041-1c74-435fb7000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
258399
x-azure-ref
20241202T181220Z-166fdcf7d95ngc9qhC1LAXgft8000000092000000000v0pc
x-ms-blob-type
BlockBlob
bannerlogo
aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/
2 KB
2 KB
Image
General
Full URL
https://aadcdn.msftauthimages.net/dbd5a2dd-dxwkn8zmqorrvfrpezrqqbiqs-op92gz1eht3ws7w0/logintenantbranding/0/bannerlogo?ts=636966718706694231
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9155cfd404c1c5fa95ec2d1d7e1c07b2f0ea87fb8a2c41cf737bd13088c018e8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D6F5DB1AC09A8D
x-fd-int-roxy-purgeid
50755578
x-content-type-options
nosniff
x-cache
TCP_HIT
date
Mon, 02 Dec 2024 18:12:20 GMT
content-type
image/*
last-modified
Thu, 20 Jun 2019 23:57:51 GMT
cache-control
public, max-age=86400
x-ms-request-id
cdaebc12-a01e-0061-1074-432410000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
1913
x-azure-ref
20241202T181220Z-166fdcf7d95ngc9qhC1LAXgft8000000092000000000v0pd
x-ms-blob-type
BlockBlob
ssoprobe
autologon.microsoftazuread-sso.com/03ceccf2-fe27-4c66-abdb-699141848e61/winauth/
12 B
2 KB
Image
General
Full URL
https://autologon.microsoftazuread-sso.com/03ceccf2-fe27-4c66-abdb-699141848e61/winauth/ssoprobe?client-request-id=7a185959-88f1-4d2e-9e8c-c9a8aab1e417&_=1733163140140
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:8::4 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

x-ms-ests-server
2.1.19492.3 - NCUS ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
GET, OPTIONS
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Date
Mon, 02 Dec 2024 18:12:19 GMT
Content-Type
image/png; charset=utf-8
Vary
Origin
Cache-Control
no-store, no-cache
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Pragma
no-cache
WWW-Authenticate
Negotiate
Access-Control-Allow-Credentials
true
Referrer-Policy
strict-origin-when-cross-origin
x-ms-request-id
577ec9d1-fa11-4d24-8998-2cc2639ffd00
Content-Security-Policy-Report-Only
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-6iS9kKqq_8ObQSUpPQ6BBg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net 'report-sample'; img-src 'self' data: https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
Access-Control-Allow-Origin
https://login.microsoftonline.com
Content-Length
12
X-XSS-Protection
0
dssostatus
login.microsoftonline.com/common/instrumentation/
265 B
1 KB
XHR
General
Full URL
https://login.microsoftonline.com/common/instrumentation/dssostatus
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:130::6 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9c296d9bde47988fde063ddab823f564e88363d048fa86bc359e5b6bad108618
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

hpgid
1104
Referer
https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
hpgact
1900
canary
PAQABDgEAAADW6jl31mB3T7ugrWTT8pFe1RSWZDAIcw_7trup0whJYur3yHBPwcC3AY29D7byGbZsgOFxZh4jASxeekZpE6-2TDyJwu_vsTcUeGt5yWUHo6eCSTl5xqSp8kj7Vmk0rv55eaWpY9mv2M8OS3bMh7m6eNFfEjffHSig4CiDTZ7kkm7_sx9sOrzJDuuOrQKMlMb6xew08734jxnJm06nVjRuk0jxjlSE_vAQDjnEa_Q22iAA
client-request-id
7a185959-88f1-4d2e-9e8c-c9a8aab1e417
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json
hpgrequestid
0b626389-42c9-4b5e-89c9-588a5f87e500
Content-type
application/json; charset=UTF-8

Response headers

x-ms-ests-server
2.1.19492.3 - WUS3 ProdSlices
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
x-content-type-options
nosniff
access-control-allow-methods
POST, OPTIONS
expires
-1
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
date
Mon, 02 Dec 2024 18:12:20 GMT
content-type
application/json; charset=utf-8
x-ms-srs
1.P
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-store, no-cache
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
pragma
no-cache
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
x-ms-request-id
0ee1ef80-dad1-44dd-8e5c-9d8499a20c00
content-security-policy-report-only
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-OLo-ONF01rnwSe6TjiOL0Q' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net 'report-sample'; img-src 'self' data: https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
client-request-id
7a185959-88f1-4d2e-9e8c-c9a8aab1e417
access-control-allow-origin
https://autologon.microsoftazuread-sso.com/
content-length
265
x-xss-protection
0
convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/
111 KB
35 KB
Script
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
Requested by
Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/55C3) /
Resource Hash
ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
07aumYbfJEqwNBLMcAM10A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DCBD52F42903D2
age
9353982
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:21 GMT
content-type
application/x-javascript
last-modified
Thu, 15 Aug 2024 17:51:56 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
f2d16d38-a01e-00e8-44d2-ef53ba000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
35168
x-ms-blob-type
BlockBlob
server
ECAcc (lac/55C3)
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msftauth.net/shared/1.0/content/images/
2 KB
785 B
Image
General
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (lac/5599) /
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
R2FAVxfpONfnQAuxVxXbHg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-lease-status
unlocked
etag
0x8DB5C3F4BB4F03C
age
11922379
x-ms-version
2009-09-19
x-cache
HIT
date
Mon, 02 Dec 2024 18:12:21 GMT
content-type
image/svg+xml
last-modified
Wed, 24 May 2023 10:11:52 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-ms-request-id
ddfec367-f01e-00ee-3276-d82b4e000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
621
x-ms-blob-type
BlockBlob
server
ECAcc (lac/5599)
/
browser.events.data.microsoft.com/OneCollector/1.0/
0
0

/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame
0
0
Preflight
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.116.253.168 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://login.microsoftonline.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://login.microsoftonline.com
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Mon, 02 Dec 2024 18:12:22 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
rum.optimizely.com
URL
https://rum.optimizely.com/rum
Domain
browser.events.data.microsoft.com
URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData
object| webpackJsonp
object| ko
object| PROOF
object| StringRepository
object| Telemetry
object| telemetry_webpackJsonp
boolean| __ConvergedLogin_PCore
boolean| __
boolean| __convergedlogin_pcustomizationloader_117b650bccea354984d8
boolean| __convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834
boolean| __convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d

21 Cookies

Domain/Path Name / Value
cloud.workhuman.com/microsites Name: client
Value: sabre
.workhuman.com/ Name: optimizelyEndUserId
Value: oeu1733163137172r0.7071705957064265
cloud.workhuman.com/ Name: AWSALB
Value: UybAC91ar1gStZIHU4aCfBUnig1e/F3HYBxtV2pI1BqKZdYOT2HzX8qoMM8HjO8POKgW7aeLC/m2Fs82HXLoQPVpcGktIQE3WVGYFXmjdBopUqEwj9WhZvtsudnt
cloud.workhuman.com/ Name: AWSALBCORS
Value: UybAC91ar1gStZIHU4aCfBUnig1e/F3HYBxtV2pI1BqKZdYOT2HzX8qoMM8HjO8POKgW7aeLC/m2Fs82HXLoQPVpcGktIQE3WVGYFXmjdBopUqEwj9WhZvtsudnt
cloud.workhuman.com/ Name: cf_client
Value: sabre
cloud.workhuman.com/ Name: JSESSIONID
Value: 9DE79F15F27D04F2C11D304840B46697
idp.workhuman.com/ Name: PF
Value: yYhE7q66LG0DppeguJA2DE
login.microsoftonline.com/ Name: buid
Value: 1.ARcA8szOAyf-Zkyr22mRQYSOYYQf-wxNOYpGpnVXv5v0fdUXAAAXAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeNWOznpOxeoPvtr1h4v-EGHSa6qchxLhM89qAq2hu33C2i_dn3sHVoim7xEvyw_b96m-MglJ1BoS7CnSgE3hHBZLuGO6mKJeysHlzGl38PjsgAA
.login.microsoftonline.com/ Name: esctx
Value: PAQABBwEAAADW6jl31mB3T7ugrWTT8pFelDFwmtchTCfY57I3abKU6ct2LBwp32MZzDKDRavFiZaVp215NxuPLUQ4-AdC81yTwhuEStYOKJFnZd6CyEqG87ZxQ7RHHIY3X10Wyc5bO6Y_RXZcXISq9dit3j8CgQipokJ8mzC-36cUBGrhQkIX2CUkldpXWvDUJ5S8tK1QJ-cgAA
.login.microsoftonline.com/ Name: esctx-ujsTgh5aSWE
Value: AQABCQEAAADW6jl31mB3T7ugrWTT8pFetodw_jJ2H8RbLdIYT8qQmi9SxMhxDe2oeXmFy8U63xAUOq1zlAeiIrsj9SGPwABlMDo_sjzXQGTefVdZ0ex_jJWB0MJRlXCR5R8j0Sfx20w2C0BlA7FmGYDvA7GgTb7XjDaUSwvDr1RbmKK1XV7VGSAA
login.microsoftonline.com/ Name: fpc
Value: AsNNFw3jIa9PiZ7k9SeIFJiJwXmQAQAAAILv394OAAAA
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.live.com/ Name: uaid
Value: 653e61d111554d3fbf30d9423de806ef
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1733163139&co=1
login.microsoftonline.com/ Name: MicrosoftApplicationsTelemetryDeviceId
Value: 748a7507-35da-4eb8-8cfd-45ad1ad53bc9
.login.microsoftonline.com/ Name: brcap
Value: 0
autologon.microsoftazuread-sso.com/ Name: fpc
Value: AqyIyCuJ1BBPhzYdL6YuWOM
autologon.microsoftazuread-sso.com/ Name: x-ms-gateway-slice
Value: estsfd
autologon.microsoftazuread-sso.com/ Name: stsservicecookie
Value: estsfd
login.microsoftonline.com/ Name: ai_session
Value: rcYV61Sv+O9roFCF77AXP5|1733163140783|1733163140783

3 Console Messages

Source Level URL
Text
network error URL: https://cloud.workhuman.com/microsites/login/userSessionAuthToken
Message:
Failed to load resource: the server responded with a status of 500 ()
network error URL: https://autologon.microsoftazuread-sso.com/03ceccf2-fe27-4c66-abdb-699141848e61/winauth/ssoprobe?client-request-id=7a185959-88f1-4d2e-9e8c-c9a8aab1e417&_=1733163140140
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)
recommendation verbose URL: https://login.microsoftonline.com/03ceccf2-fe27-4c66-abdb-699141848e61/saml2
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
