login.microsoftonline.com Open in urlscan Pro
40.126.32.69 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ges.tax.deloitteonline.com/sites/846/1841/1774/Clprovd/Forms/DTI%20Mobility%20Compensation%20Document%20Set/docsethomepage....
Effective URL:
https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteo...
Submission: On September 06 via manual (September 6th 2022, 5:16:02 pm UTC) from IN — Scanned from DE

Summary HTTP 21 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 21 HTTP transactions. The main IP is 40.126.32.69, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 28.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 24th 2022. Valid for: a year.

This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 13	2a02:26f0:350... 2a02:26f0:3500:584::116e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	40.126.32.69 40.126.32.69	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	152.199.23.37 152.199.23.37	15133 (EDGECAST) (EDGECAST)
1	40.126.32.134 40.126.32.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:1ec:bdf::44 2620:1ec:bdf::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
21	5

13 2a02:26f0:3500:584::116e (Frankfurt am Main, Germany) 4 redirects

ASN20940 (AKAMAI-ASN1, NL)

ges.tax.deloitteonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.126.32.69 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 152.199.23.37 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.126.32.134 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msftauthimages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	deloitteonline.com 4 redirects ges.tax.deloitteonline.com	130 KB
7	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 2639	210 KB
2	msftauthimages.net aadcdn.msftauthimages.net — Cisco Umbrella Rank: 7004	283 KB
2	microsoftonline.com login.microsoftonline.com — Cisco Umbrella Rank: 28	107 KB
1	live.com login.live.com — Cisco Umbrella Rank: 60
21	5

	Domain	Requested by
13	ges.tax.deloitteonline.com	4 redirects ges.tax.deloitteonline.com
7	aadcdn.msftauth.net	login.microsoftonline.com aadcdn.msftauth.net
2	aadcdn.msftauthimages.net
2	login.microsoftonline.com	login.microsoftonline.com
1	login.live.com	login.microsoftonline.com
21	5

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
dti.tax.deloitteonline.com GeoTrust RSA CA 2018	`2022-08-24` - `2023-08-24`	a year	crt.sh
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2022-08-24` - `2023-08-24`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2022-04-01` - `2023-04-01`	a year	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2022-06-01` - `2023-06-01`	a year	crt.sh
aadcdn.msftauthimages.net Microsoft Azure TLS Issuing CA 01	`2022-07-07` - `2023-07-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true
Frame ID: 4B5F546068BA68BF328E3910D233D3E6
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bei Ihrem Konto anmelden

Page URL History Show full URLs

https://ges.tax.deloitteonline.com/sites/846/1841/1774/Clprovd/Forms/DTI%20Mobility%20Compensation%20Document%2... HTTP 302
https://ges.tax.deloitteonline.com/sites/846/1841/1774/_layouts/15/Authenticate.aspx?Source=%2Fsites%2F846%2F18... HTTP 302
https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f1... Page URL
https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f1... HTTP 302
https://ges.tax.deloitteonline.com/_trust/default.aspx?trust=ADFS%20PRD&ReturnUrl=%2fsites%2f846%2f1841%2f1774%... HTTP 302
https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f... Page URL
https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f... Page URL

Page Statistics

21
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

725 kB
Transfer

1823 kB
Size

11
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/de-DE/servicesagreement/
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/de-DE/privacystatement
Title: Datenschutz & Cookies

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/de-de/corporate/rechtliche-hinweise/impressum.aspx
Title: Haftungsausschluss

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ges.tax.deloitteonline.com/sites/846/1841/1774/Clprovd/Forms/DTI%20Mobility%20Compensation%20Document%20Set/docsethomepage.aspx?ID=3&FolderCTID=0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5&List=2c642abf-98de-4cfb-a62f-91774d717134&RootFolder=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FFTA%20Process%20%2D%20MUK&RecSrc=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FFTA%20Process%20%2D%20MUK HTTP 302
https://ges.tax.deloitteonline.com/sites/846/1841/1774/_layouts/15/Authenticate.aspx?Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK HTTP 302
https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK Page URL
https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2fsites%2f846%2f1841%2f1774%2fClprovd%2fForms%2fDTI+Mobility+Compensation+Document+Set%2fdocsethomepage.aspx%3fID%3d3%26FolderCTID%3d0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3d2c642abf-98de-4cfb-a62f-91774d717134%26RootFolder%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK HTTP 302
https://ges.tax.deloitteonline.com/_trust/default.aspx?trust=ADFS%20PRD&ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2fsites%2f846%2f1841%2f1774%2fClprovd%2fForms%2fDTI+Mobility+Compensation+Document+Set%2fdocsethomepage.aspx%3fID%3d3%26FolderCTID%3d0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3d2c642abf-98de-4cfb-a62f-91774d717134%26RootFolder%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK HTTP 302
https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx Page URL
https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://ges.tax.deloitteonline.com/sites/846/1841/1774/Clprovd/Forms/DTI%20Mobility%20Compensation%20Document%20Set/docsethomepage.aspx?ID=3&FolderCTID=0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5&List=2c642abf-98de-4cfb-a62f-91774d717134&RootFolder=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FFTA%20Process%20%2D%20MUK&RecSrc=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FFTA%20Process%20%2D%20MUK HTTP 302
https://ges.tax.deloitteonline.com/sites/846/1841/1774/_layouts/15/Authenticate.aspx?Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK HTTP 302
https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK

Request Chain 9

https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2fsites%2f846%2f1841%2f1774%2fClprovd%2fForms%2fDTI+Mobility+Compensation+Document+Set%2fdocsethomepage.aspx%3fID%3d3%26FolderCTID%3d0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3d2c642abf-98de-4cfb-a62f-91774d717134%26RootFolder%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK HTTP 302
https://ges.tax.deloitteonline.com/_trust/default.aspx?trust=ADFS%20PRD&ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2fsites%2f846%2f1841%2f1774%2fClprovd%2fForms%2fDTI+Mobility+Compensation+Document+Set%2fdocsethomepage.aspx%3fID%3d3%26FolderCTID%3d0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3d2c642abf-98de-4cfb-a62f-91774d717134%26RootFolder%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK HTTP 302
https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

doldefault.aspx Show response
ges.tax.deloitteonline.com/_login/
Redirect Chain

https://ges.tax.deloitteonline.com/sites/846/1841/1774/Clprovd/Forms/DTI%20Mobility%20Compensation%20Document%20Set/docsethomepage.aspx?ID=3&FolderCTID=0x0120D52000F6CD2AFE378B9345B6014112256B2A5A0...
https://ges.tax.deloitteonline.com/sites/846/1841/1774/_layouts/15/Authenticate.aspx?Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocseth...
https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252F...

10 KB
5 KB

160ms
160ms

Document
text/html

2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

2a82b7e1fe6679d5a49f44edd89234bead405725802646be3adfd6a5c187dc4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-expose-headers: DTIServer
cache-control: private, no-store
content-encoding: gzip
content-length: 4920
content-type: text/html; charset=utf-8
date: Tue, 06 Sep 2022 17:15:55 GMT
dtiserver: SPSWFE3
microsoftsharepointteamservices: 15.0.0.5429
request-id: 9f5f62a0-ddfc-d086-3b2c-14c33d923521
server: Microsoft-IIS/8.5
spiislatency: 1
sprequestduration: 11
sprequestguid: 9f5f62a0-ddfc-d086-3b2c-14c33d923521
strict-transport-security: max-age=31536000; includeSubDomains;
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ms-invokeapp: 1; RequireReadOnly
x-powered-by: ASP.NET
x-sharepointhealthscore: 0

Redirect headers

access-control-expose-headers: DTIServer
cache-control: private
content-length: 1357
content-type: text/html; charset=utf-8
date: Tue, 06 Sep 2022 17:15:55 GMT
dtiserver: SPSWFE3
location: /_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
microsoftsharepointteamservices: 15.0.0.5429
request-id: 9f5f62a0-0df3-d086-3b2c-121955d5de40
server: Microsoft-IIS/8.5
spiislatency: 1
sprequestduration: 6
sprequestguid: 9f5f62a0-0df3-d086-3b2c-121955d5de40
strict-transport-security: max-age=31536000; includeSubDomains;
x-aspnet-version: 4.0.30319
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ms-invokeapp: 1; RequireReadOnly
x-powered-by: ASP.NET
x-sharepointhealthscore: 0

GET
H2 200 corev4.css
ges.tax.deloitteonline.com/_layouts/15/1033/styles/ 203 KB
30 KB 108ms
106ms Stylesheet
text/css 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/_layouts/15/1033/styles/corev4.css?rev=h73XLvRVKw4x5m5%2FXNnjuw%3D%3D

Requested by

Host: ges.tax.deloitteonline.com
URL: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

17c3bde9b483c29909c4036250b09b8a4a78a04dfaaefec9cdec1ce05b4f105d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: ASP.NET
content-length: 30057
microsoftsharepointteamservices: 15.0.0.5429
x-ms-invokeapp: 1; RequireReadOnly
last-modified: Fri, 18 Oct 2019 00:40:58 GMT
server: Microsoft-IIS/8.5
date: Tue, 06 Sep 2022 17:15:56 GMT
vary: Accept-Encoding
content-type: text/css
access-control-expose-headers: DTIServer
cache-control: max-age=336368
etag: "0c91eb54c85d51:0"
accept-ranges: bytes
dtiserver: SPSWFE2

GET
H2 200 init.js Show response
ges.tax.deloitteonline.com/_layouts/15/ 158 KB
44 KB 54ms
52ms Script
application/javascript 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

14c7f3592be7d72bccb6c3e7d8ffaeffd31270c40885e109782fd46ba721d338

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: ASP.NET
content-length: 44598
microsoftsharepointteamservices: 15.0.0.5429
x-ms-invokeapp: 1; RequireReadOnly
last-modified: Fri, 18 Oct 2019 00:38:00 GMT
server: Microsoft-IIS/8.5
date: Tue, 06 Sep 2022 17:15:55 GMT
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: DTIServer
cache-control: max-age=336282
etag: "02464b4c85d51:0"
accept-ranges: bytes
dtiserver: SPSWFE4

GET
H2 200 ScriptResource.axd Show response
ges.tax.deloitteonline.com/ 100 KB
25 KB 94ms
92ms Script
application/x-javascript 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/ScriptResource.axd?d=8N4sWeS3dMQqhdIVGIGa53xhd5wvUGJJQJwh7_VNeYUZ7Ldzq4tC1FXTyCRT0_RNi0JMWQMKAkJ7qIrCMS8i5Hju6FiF5O1hepCjhu4RjOtQbu844RhiTcSfFK5wcOZusvScLPH2En06p8TB58qbkMKIcWiy3Pg2bvzFkVxciJHf2pRjIFM2iExxRbw3NunN0&t=ffffffffaa493ab8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-length: 25609
microsoftsharepointteamservices: 15.0.0.5429
x-ms-invokeapp: 1; RequireReadOnly
last-modified: Mon, 05 Sep 2022 14:40:53 GMT
server: Microsoft-IIS/8.5
date: Tue, 06 Sep 2022 17:15:55 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-expose-headers: DTIServer
cache-control: public, max-age=336328
dtiserver: SPSWFE1
expires: Sat, 10 Sep 2022 14:41:23 GMT

GET
H2 200 blank.js Show response
ges.tax.deloitteonline.com/_layouts/15/ 119 B
574 B 70ms
69ms Script
application/javascript 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/_layouts/15/blank.js?rev=ZaOXZEobVwykPO9g8hq%2F8A%3D%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

528d30b6dbe6422fa5cb80857cc760cc07156da2f76fdec99c5a86400d9e739e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: ASP.NET
content-length: 217
microsoftsharepointteamservices: 15.0.0.5429
x-ms-invokeapp: 1; RequireReadOnly
last-modified: Thu, 23 Jan 2014 07:06:04 GMT
server: Microsoft-IIS/8.5
date: Tue, 06 Sep 2022 17:15:55 GMT
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: DTIServer
cache-control: max-age=336297
etag: "0165e94918cf1:0"
accept-ranges: bytes
dtiserver: SPSWFE4

GET
H2 200 ScriptResource.axd Show response
ges.tax.deloitteonline.com/ 39 KB
10 KB 82ms
81ms Script
application/x-javascript 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/ScriptResource.axd?d=xN0Gmt0qpdxsKknIaPBUMmsWQOh_35KHKqjeAbmhY27sY0cB07qNNZc2F3QSMK6RvBmL3yIYdkbj_KkLInSMcBWmoHdCHG7FsLwtJZJNO51-Y1dlsOupBNatcxSTFlmZBtPaxNBWm0kqtjcYIbxbu_L_vbn1qBhwkIjmUBM5T_piso8pVXQKYKlI5L11D0PJ0&t=ffffffffaa493ab8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-length: 9984
microsoftsharepointteamservices: 15.0.0.5429
x-ms-invokeapp: 1; RequireReadOnly
last-modified: Mon, 05 Sep 2022 12:45:42 GMT
server: Microsoft-IIS/8.5
date: Tue, 06 Sep 2022 17:15:55 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-expose-headers: DTIServer
cache-control: public, max-age=336383
dtiserver: SPSWFE1
expires: Sat, 10 Sep 2022 14:42:18 GMT

GET
H2 200 WebResource.axd Show response
ges.tax.deloitteonline.com/ 23 KB
6 KB 90ms
89ms Script
application/x-javascript 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/WebResource.axd?d=7f2Xvf9Vsi1cPwCZ34AtRNf1v5WQJr_R6nW7K7RJJY2reT5vNo1CozGVr_FFuoK3HbLkZly4exX9-SMG5Pzcyu65Riq5F2LdJR6c1zGk3mg1&t=637811549229275428

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-length: 6007
microsoftsharepointteamservices: 15.0.0.5429
x-ms-invokeapp: 1; RequireReadOnly
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/8.5
date: Tue, 06 Sep 2022 17:15:55 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-expose-headers: DTIServer
cache-control: public, max-age=336305
dtiserver: SPSWFE1
expires: Sat, 10 Sep 2022 14:41:00 GMT

GET
H2 200 WebResource.axd Show response
ges.tax.deloitteonline.com/ 3 KB
1 KB 102ms
101ms Script
application/x-javascript 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ges.tax.deloitteonline.com/WebResource.axd?d=sdPXTb8lIlzDz7I1U878IHU7Q5EYbNpr4WLFUlbnmPogUixDmqCXwNHCnQcC_za7Quzhv2lSVDzW-_4lLs25Vzi1x4vzMTIc8KLwG24AAAI1&t=637811549229275428

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
x-content-type-options: nosniff
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-length: 978
microsoftsharepointteamservices: 15.0.0.5429
x-ms-invokeapp: 1; RequireReadOnly
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/8.5
date: Tue, 06 Sep 2022 17:15:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-expose-headers: DTIServer
cache-control: public, max-age=336221
dtiserver: SPSWFE1
expires: Sat, 10 Sep 2022 14:39:37 GMT

GET
H2 200 errorIcon.png
ges.tax.deloitteonline.com/_layouts/images/ 1 KB
2 KB 15ms
10ms Image
image/png 2a02:26f0:3500:584::116e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ges.tax.deloitteonline.com/_layouts/images/errorIcon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:26f0:3500:584::116e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&Source=%2Fsites%2F846%2F1841%2F1774%2FClprovd%2FForms%2FDTI%20Mobility%20Compensation%20Document%20Set%2Fdocsethomepage%2Easpx%3FID%3D3%26FolderCTID%3D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%26List%3D2c642abf%2D98de%2D4cfb%2Da62f%2D91774d717134%26RootFolder%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK%26RecSrc%3D%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FFTA%2520Process%2520%252D%2520MUK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
x-ms-invokeapp: 1; RequireReadOnly
x-content-type-options: nosniff
last-modified: Tue, 21 Jan 2014 19:09:00 GMT
server: Microsoft-IIS/8.5
x-powered-by: ASP.NET
content-type: image/png
access-control-expose-headers: DTIServer
cache-control: max-age=336286
date: Tue, 06 Sep 2022 17:15:56 GMT
etag: "0eea63ddc16cf1:0"
accept-ranges: bytes
dtiserver: SPSWFE2
content-length: 1470
microsoftsharepointteamservices: 15.0.0.5429

GET
H/1.1

200
OK

wsfed Show response
login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/
Redirect Chain

https://ges.tax.deloitteonline.com/_login/doldefault.aspx?ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252F...
https://ges.tax.deloitteonline.com/_trust/default.aspx?trust=ADFS%20PRD&ReturnUrl=%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%25...
https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%...

151 KB
55 KB

139ms
59ms

Document
text/html

40.126.32.69
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.126.32.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

edbde9f64161df43950058d60d99e4c49d752b6f9e5071c2992635a23b203e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ges.tax.deloitteonline.com
Referer: https://ges.tax.deloitteonline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 54955
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2022 17:15:56 GMT
Expires: -1
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams1"}]}
x-ms-ests-server: 2.1.13562.12 - NEULR2 ProdSlices
x-ms-request-id: 9b0b7583-4d69-4f33-a862-3edce40f7200

Redirect headers

access-control-expose-headers: DTIServer
cache-control: private, no-store
content-length: 1071
content-type: text/html; charset=utf-8
date: Tue, 06 Sep 2022 17:15:56 GMT
dtiserver: SPSWFE3
location: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx
microsoftsharepointteamservices: 15.0.0.5429
request-id: a05f62a0-dd19-d086-3b2c-1b8bc04d9f08
server: Microsoft-IIS/8.5
spiislatency: 2
sprequestduration: 6
sprequestguid: a05f62a0-dd19-d086-3b2c-1b8bc04d9f08
strict-transport-security: max-age=31536000; includeSubDomains;
x-aspnet-version: 4.0.30319
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ms-invokeapp: 1; RequireReadOnly
x-powered-by: ASP.NET
x-sharepointhealthscore: 0

GET
H/1.1 200
OK Primary Request wsfed Show response
login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/ 202 KB
52 KB 109ms
109ms Document
text/html 40.126.32.69
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.126.32.69 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ff81edd5dbc5ab4119b5cfb546466d6f9fba98dc13d5d361794da797d43700b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 51561
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2022 17:15:56 GMT
Expires: -1
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin <https://aadcdn.msftauth.net>; rel=dns-prefetch <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: on
X-Frame-Options: DENY
X-XSS-Protection: 0
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams1"}]}
x-ms-ests-server: 2.1.13562.12 - NEULR1 ProdSlices
x-ms-request-id: a87be1b6-6f14-4156-9182-d4f45f3f7900

GET
H2 200 ConvergedLogin_PCore_rEkixmwXrnf1ZoXlPzTPPA2.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/ 383 KB
109 KB 39ms
8ms Script
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rEkixmwXrnf1ZoXlPzTPPA2.js
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E306) /
Resource Hash: 564118b5f28d90632e7ca3487f8a208b0e7b5fe68fcda0c950986107a5ce2c65

Request headers

Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:15:56 GMT
content-encoding: gzip
content-md5: fK2AK6jDg6/4KCAAbseoGQ==
age: 2717555
x-cache: HIT
content-length: 111291
x-ms-lease-status: unlocked
last-modified: Thu, 04 Aug 2022 19:52:57 GMT
server: ECAcc (frd/E306)
etag: 0x8DA7652EDA85098
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 5604598b-f01e-0033-0d5d-a9ec9c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H/1.1 200
OK Me.htm
login.live.com/ 0
0 177ms
100ms Other
text/html 40.126.32.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://login.live.com/Me.htm?v=3
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.126.32.134 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
20 KB 31ms
9ms Other
text/css 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E2B1) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:15:56 GMT
content-encoding: gzip
content-md5: 9K2/nGCj75WAmmAI9nZNCA==
age: 2717554
x-cache: HIT
content-length: 19970
x-ms-lease-status: unlocked
last-modified: Thu, 04 Aug 2022 19:37:00 GMT
server: ECAcc (frd/E2B1)
etag: 0x8DA7650B375AC9B
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 5d0100b0-101e-0026-305d-a94615000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ux.converged.login.strings-de.min_lhhrovnn534e-c0nfmglxq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 0
15 KB 37ms
16ms Other
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_lhhrovnn534e-c0nfmglxq2.js
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E2E5) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:15:56 GMT
content-encoding: gzip
content-md5: 71riyjn3BVagiKB9JTpI+A==
age: 2598483
x-cache: HIT
content-length: 14780
x-ms-lease-status: unlocked
last-modified: Fri, 05 Aug 2022 00:57:12 GMT
server: ECAcc (frd/E2E5)
etag: 0x8DA767D6E53DDA9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 568a8265-301e-0034-3a72-aaf450000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 convergedlogin_pcustomizationloader_ce7e28197b4125ce53e0.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 107 KB
32 KB 13ms
8ms Script
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_ce7e28197b4125ce53e0.js
Requested by: Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_rEkixmwXrnf1ZoXlPzTPPA2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E30E) /
Resource Hash: 106c7ae6e865f487b4fc75aac19b535d73fa8f13507884259be7393b5c5f5494

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:15:56 GMT
content-encoding: gzip
content-md5: uFX3Qhp/F7U6+waIHizpeA==
age: 2717554
x-cache: HIT
content-length: 32173
x-ms-lease-status: unlocked
last-modified: Tue, 02 Aug 2022 03:12:31 GMT
server: ECAcc (frd/E30E)
etag: 0x8DA7434D67D7930
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 14fdbcb4-701e-009d-435d-a9ab66000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 illustration
aadcdn.msftauthimages.net/dbd5a2dd-u0i1pxxssgkh9b0w79kbdjk85qrnsr5cpqenhjiu6ok/logintenantbranding/0/ 277 KB
278 KB 130ms
11ms Image
image/* 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauthimages.net/dbd5a2dd-u0i1pxxssgkh9b0w79kbdjk85qrnsr5cpqenhjiu6ok/logintenantbranding/0/illustration?ts=637874416124597327
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 80444ec47a327f6cb9150f1d816e3961796d33988ff5db143b043a2b903dacd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:15:56 GMT
vary: Origin
x-azure-ref-originshield: 02V0XYwAAAAAGaSxuTAG4T6ZBbySF7LB8RlJBMjMxMDUwNDE3MDMzADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-md5: mOSMA5wGXCnJ57p3vc43Zw==
x-cache: TCP_HIT
content-length: 283651
x-ms-lease-status: unlocked
last-modified: Fri, 06 May 2022 13:46:55 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8DA2F66E23E9E10
x-azure-ref: 0TIAXYwAAAAARuG2OROpDSb6TdUZSAKwKRlJBMzFFREdFMDMyMgA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk=
content-type: image/*
x-ms-request-id: e31f08c6-f01e-00c4-1e3b-c19b22000000
cache-control: public, max-age=86400
x-ms-version: 2009-09-19

GET
H2 200 bannerlogo
aadcdn.msftauthimages.net/dbd5a2dd-u0i1pxxssgkh9b0w79kbdjk85qrnsr5cpqenhjiu6ok/logintenantbranding/0/ 5 KB
6 KB 129ms
10ms Image
image/* 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauthimages.net/dbd5a2dd-u0i1pxxssgkh9b0w79kbdjk85qrnsr5cpqenhjiu6ok/logintenantbranding/0/bannerlogo?ts=637477890903530895
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: e7b063de9bf8a25e2080945e7aec41138f9aaa206595a1c110b40bb3f169c3f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:15:56 GMT
vary: Origin
x-azure-ref-originshield: 0iH8XYwAAAAC0XgzfmyOUTraRjrYqbD9cRlJBMjMxMDUwNDE4MDE3ADU5NjY1NzE1LTQyNmEtNGYxYy1hMDU5LWQ1ZGZkNDBhZTZiOQ==
content-md5: 6XMYGztcK+ykJ1zudU/eFg==
x-cache: TCP_HIT
content-length: 5271
x-ms-lease-status: unlocked
last-modified: Mon, 01 Feb 2021 15:11:30 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D8C6C3A7B703E2
x-azure-ref: 0TIAXYwAAAACA/c3UeVunT5VlY2vS9pJSRlJBMzFFREdFMDMyMgA1OTY2NTcxNS00MjZhLTRmMWMtYTA1OS1kNWRmZDQwYWU2Yjk=
content-type: image/*
x-ms-request-id: b48339cf-a01e-0039-5911-c2a440000000
cache-control: public, max-age=86400
x-ms-version: 2009-09-19

GET
H2 200 signin-options_4e48046ce74f4b89d45037c90576bfac.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 2 KB
807 B 9ms
8ms Image
image/svg+xml 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E2FC) /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:15:57 GMT
content-encoding: gzip
content-md5: R2FAVxfpONfnQAuxVxXbHg==
age: 2999091
x-cache: HIT
content-length: 621
x-ms-lease-status: unlocked
last-modified: Tue, 10 Nov 2020 03:41:05 GMT
server: ECAcc (frd/E2FC)
etag: 0x8D8852A740F01B9
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 622a81ee-e01e-0094-11cd-a67244000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css Show response
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 108 KB
20 KB 8ms
8ms Fetch
text/css 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E2B1) /
Resource Hash: 9537f00ca371747a97a2acca388f7b2379a7fa7c59bde18c3d2621c0de8de492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:16:01 GMT
content-encoding: gzip
content-md5: 9K2/nGCj75WAmmAI9nZNCA==
age: 2717559
x-cache: HIT
content-length: 19970
x-ms-lease-status: unlocked
last-modified: Thu, 04 Aug 2022 19:37:00 GMT
server: ECAcc (frd/E2B1)
etag: 0x8DA7650B375AC9B
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 5d0100b0-101e-0026-305d-a94615000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ux.converged.login.strings-de.min_lhhrovnn534e-c0nfmglxq2.js Show response
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 51 KB
15 KB 9ms
9ms Fetch
application/x-javascript 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_lhhrovnn534e-c0nfmglxq2.js
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/36da45f1-dd2c-4d1f-af13-5abe46b99921/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fges.tax.deloitteonline.com%2f&wctx=https%3a%2f%2fges.tax.deloitteonline.com%2fsites%2f846%2f1841%2f1774%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252Fsites%252F846%252F1841%252F1774%252FClprovd%252FForms%252FDTI%2520Mobility%2520Compensation%2520Document%2520Set%252Fdocsethomepage%252Easpx%253FID%253D3%2526FolderCTID%253D0x0120D52000F6CD2AFE378B9345B6014112256B2A5A02002DA0E1A742CA7344B450B9AE96429E1400BE91E0AC982D9A41AEDC70CE01B0B0A5%2526List%253D2c642abf%252D98de%252D4cfb%252Da62f%252D91774d717134%2526RootFolder%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK%2526RecSrc%253D%25252Fsites%25252F846%25252F1841%25252F1774%25252FClprovd%25252FFTA%252520Process%252520%25252D%252520MUK&wreply=https%3a%2f%2fges.tax.deloitteonline.com%2f_trust%2fdefault.aspx&sso_reload=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E2E5) /
Resource Hash: c66ff80547e595236f5feacbd4b04001b54bd455da07ced9dd691aae370596fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.microsoftonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 06 Sep 2022 17:16:01 GMT
content-encoding: gzip
content-md5: 71riyjn3BVagiKB9JTpI+A==
age: 2598488
x-cache: HIT
content-length: 14780
x-ms-lease-status: unlocked
last-modified: Fri, 05 Aug 2022 00:57:12 GMT
server: ECAcc (frd/E2E5)
etag: 0x8DA767D6E53DDA9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 568a8265-301e-0034-3a72-aaf450000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ges.tax.deloitteonline.com/	1970-01-20 05:48:18	Name: BIGipServerapp0529_ame_prd_ui_pub_443_ges.tax.deloitteonline.com_pool Value: !N4LKFryz3rTyi3HvAjlILSgNKPHCbi6GmXBPNZE9oTX0AeRrDSJowGCzrEpB9tWTfbQGk7/wI/QdBbU=
login.microsoftonline.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
login.microsoftonline.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login.microsoftonline.com/	1970-01-20 05:48:04	Name: SSOCOOKIEPULLED Value: 1
login.microsoftonline.com/	1970-01-20 06:31:16	Name: buid Value: 0.ASYA8UXaNizdH02vE1q-RrmZIYRnHueZW-lAkZGZa3S39dQmAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrN2t5ptXTGxrbWwVN6RXaI0nTSWGx7JQGfzpUYz4JhsMkH3rZqvV7VTC3vjfkM1tQxLlqoLxe-a9jeRsj1M4B1kQrVMnLLuAxQMIJfew-RAEgAA
login.microsoftonline.com/	1970-01-20 06:31:16	Name: fpc Value: AoQ1uoN-xK1BuzQn0zPNL-u3ddVXAQAAAEx3qdoOAAAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: esctx Value: AQABAAAAAAD--DLA3VO7QrddgJg7Wevrc9a0U7xrFGvlWp4cvNJ0ZGJfOsp83S-Q9peoMmfllV3qGO2fbBmU9c7Cb5CN-4jySXhnkfBT7ySdXrbojXfZfsDru5ec7T_zSCGGeOzgkckiAZyz28e9FXTnomx8ZYUEKRIzkj7WJy8uktYUUD3P4MrzLONwdqFtvo5FdrCdhUUgAA
.login.microsoftonline.com/	1970-01-20 15:09:40	Name: brcap Value: 0
.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: 7a3413e294b64fe0ad689e870747d230
.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1662484556&co=1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
aadcdn.msftauthimages.net
ges.tax.deloitteonline.com
login.live.com
login.microsoftonline.com
152.199.23.37
2620:1ec:bdf::44
2a02:26f0:3500:584::116e
40.126.32.134
40.126.32.69
106c7ae6e865f487b4fc75aac19b535d73fa8f13507884259be7393b5c5f5494
144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf
14c7f3592be7d72bccb6c3e7d8ffaeffd31270c40885e109782fd46ba721d338
17c3bde9b483c29909c4036250b09b8a4a78a04dfaaefec9cdec1ce05b4f105d
2a82b7e1fe6679d5a49f44edd89234bead405725802646be3adfd6a5c187dc4f
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
528d30b6dbe6422fa5cb80857cc760cc07156da2f76fdec99c5a86400d9e739e
564118b5f28d90632e7ca3487f8a208b0e7b5fe68fcda0c950986107a5ce2c65
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
80444ec47a327f6cb9150f1d816e3961796d33988ff5db143b043a2b903dacd0
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
9537f00ca371747a97a2acca388f7b2379a7fa7c59bde18c3d2621c0de8de492
c66ff80547e595236f5feacbd4b04001b54bd455da07ced9dd691aae370596fd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b063de9bf8a25e2080945e7aec41138f9aaa206595a1c110b40bb3f169c3f6
edbde9f64161df43950058d60d99e4c49d752b6f9e5071c2992635a23b203e34
ff81edd5dbc5ab4119b5cfb546466d6f9fba98dc13d5d361794da797d43700b1

login.microsoftonline.com Open in urlscan Pro 40.126.32.69 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

100 %HTTPS

40 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

725 kBTransfer

1823 kBSize

11 Cookies

3 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

11 Cookies

Security Headers

Indicators

login.microsoftonline.com Open in urlscan Pro
40.126.32.69 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

725 kB
Transfer

1823 kB
Size

11
Cookies

21 HTTP transactions
0 data transactions