Report - autodiscover.marriotthotels.de

Report Overview

Submitted URL
autodiscover.marriotthotels.de
IP
52.98.228.232
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-03-28 21:34:15
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
login.microsoftonline.com	25	2002-07-09	2017-02-19	2019-07-18	1.0 kB	16 kB	20.190.181.1
autodiscover.marriotthotels.de	unknown	unknown	No data	No data	281 B	542 B	40.101.1.20
outlook.office365.com	51	2005-06-20	2013-04-11	2021-03-15	396 B	7.2 kB	40.99.215.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	autodiscover.marriotthotels.de/	40.101.1.20		0 B
URL User Request GET autodiscover.marriotthotels.de/ IP 40.101.1.20:0 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET / HTTP/1.1 Host: autodiscover.marriotthotels.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Pragma: no-cache Location: https://outlook.office365.com/owa/?realm=marriotthotels.de&vd=autodiscover Server: Microsoft-IIS/10.0 request-id: 7a334b9d-bc4c-1c23-5a1d-63ffe54028ba X-RequestId: 74a753e6-d0d9-474b-9532-813518108014 X-FEProxyInfo: GVX0EPF0000ED86.SWEP280.PROD.OUTLOOK.COM X-FEEFZInfo: GVX MS-CV: nUszeky8IxxaHWP/5UAoug.0 X-Powered-By: ASP.NET X-FEServer: GVX0EPF0000ED86, GVX0EPF0000ED86 Date: Thu, 28 Mar 2024 21:33:53 GMT Connection: close Content-Length: 0

	outlook.office365.com/owa/?realm=marriotthotels.de&vd=autodiscover	40.99.215.98		870 B
URL outlook.office365.com/owa/?realm=marriotthotels.de&vd=autodiscover IP 40.99.215.98:0 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK File type HTML document, ASCII text, with very long lines (798), with CRLF line terminators Size 870 B (870 bytes) Hash 2f9c60446d981462dd5405c60f8ff665 bd5f29e536553fa691672e880b7ceebd987e92a0 7291261c1a7e8a5a0710fd78c92625c32d9997bb072aa01caa761db1db6c5f60 HTTP Headers `GET /owa/?realm=marriotthotels.de&vd=autodiscover HTTP/1.1 Host: outlook.office365.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found content-length: 870 content-type: text/html; charset=utf-8 location: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=397d8873-5ff5-4418-67f6-6dde9820c76a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=marriotthotels.de&nonce=638472584331556797.ed5d70b6-664d-4750-8dd0-2ee4f5c95a59&state=DctBDoMgEEBRaO_SHUqFmYGF6VmmzjQ10ZAg2uuXxfu7b40x9-7WWd9jCEOKNEGKITwBkDINKiDk3-gQo7hI4F0S8W5SjR9YMjBk2183lh-Pr6q87fPOta6ltW9puh2D6OOSmc9WZD2Wcmn9Aw server: Microsoft-IIS/10.0 request-id: 397d8873-5ff5-4418-67f6-6dde9820c76a strict-transport-security: max-age=31536000; includeSubDomains; preload alt-svc: h3=":443",h3-29=":443" x-calculatedfetarget: SV0P279CU002.internal.outlook.com p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" set-cookie: ClientId=4A2EA2626B61472DBF010F03FB54AF9E; expires=Fri, 28-Mar-2025 21:33:53 GMT; path=/;SameSite=None; secure ClientId=4A2EA2626B61472DBF010F03FB54AF9E; expires=Fri, 28-Mar-2025 21:33:53 GMT; path=/;SameSite=None; secure OIDC=1; expires=Sat, 28-Sep-2024 21:33:53 GMT; path=/;SameSite=None; secure; HttpOnly domainName=marriotthotels.de; path=/;SameSite=None; secure; HttpOnly RoutingKeyCookie=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.token.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.token.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.id_token.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.code.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_nonce.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_correlation_id=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.tokenPostPath=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.id_token.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.code.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_nonce.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_correlation_id=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.tokenPostPath=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.nonce.v3.5iSxH59AQOFrAOEYm8cmJKoByKnfQUBVyaE4g3S1kHE=638472584331556797.ed5d70b6-664d-4750-8dd0-2ee4f5c95a59; expires=Thu, 28-Mar-2024 22:33:53 GMT; path=/;SameSite=None; secure; HttpOnly HostSwitchPrg=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OptInPrg=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure SuiteServiceProxyKey=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure ClientId=4A2EA2626B61472DBF010F03FB54AF9E; expires=Fri, 28-Mar-2025 21:33:53 GMT; path=/;SameSite=None; secure OIDC=1; expires=Sat, 28-Sep-2024 21:33:53 GMT; path=/;SameSite=None; secure; HttpOnly domainName=marriotthotels.de; path=/;SameSite=None; secure; HttpOnly RoutingKeyCookie=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.token.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.token.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.id_token.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.code.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_nonce.v1=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_correlation_id=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.tokenPostPath=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.id_token.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.code.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_nonce.v1=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.idp_correlation_id=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.tokenPostPath=; domain=outlook.office365.com; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OpenIdConnect.nonce.v3.5iSxH59AQOFrAOEYm8cmJKoByKnfQUBVyaE4g3S1kHE=638472584331556797.ed5d70b6-664d-4750-8dd0-2ee4f5c95a59; expires=Thu, 28-Mar-2024 22:33:53 GMT; path=/;SameSite=None; secure; HttpOnly HostSwitchPrg=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure OptInPrg=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure SuiteServiceProxyKey=; expires=Mon, 28-Mar-1994 21:33:53 GMT; path=/; secure X-OWA-RedirectHistory=ArLym14BvXfow25P3Ag; expires=Fri, 29-Mar-2024 03:35:53 GMT; path=/;SameSite=None; secure; HttpOnly x-calculatedbetarget: SV0P279MB0090.NORP279.PROD.OUTLOOK.COM x-backendhttpstatus: 302, 302 x-rum-validated: 1 x-rum-notupdatequeriedpath: 1 x-rum-notupdatequerieddbcopy: 1 x-content-type-options: nosniff x-besku: WCS6 x-owa-diagnosticsinfo: 1;0;0 x-iids: 0 x-backend-begin: 2024-03-28T21:33:53.155 x-backend-end: 2024-03-28T21:33:53.155 x-diaginfo: SV0P279MB0090 x-beserver: SV0P279MB0090 x-ua-compatible: IE=EmulateIE7 x-proxy-routingcorrectness: 1 x-proxy-backendserverstatus: 302 x-feproxyinfo: OS6P279CA0089.NORP279.PROD.OUTLOOK.COM x-feefzinfo: OSL report-to: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=OSL&RemoteIP=91.90.42.0"}],"include_subdomains":true} nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} x-firsthopcafeefz: OSL x-feserver: SV0P279CA0024, OS6P279CA0089 date: Thu, 28 Mar 2024 21:33:52 GMT X-Firefox-Spdy: h2

	login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=397d8873-5ff5-4418-67f6-6dde9820c76a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=marriotthotels.de&nonce=638472584331556797.ed5d70b6-664d-4750-8dd0-2ee4f5c95a59&state=DctBDoMgEEBRaO_SHUqFmYGF6VmmzjQ10ZAg2uuXxfu7b40x9-7WWd9jCEOKNEGKITwBkDINKiDk3-gQo7hI4F0S8W5SjR9YMjBk2183lh-Pr6q87fPOta6ltW9puh2D6OOSmc9WZD2Wcmn9Aw	20.190.181.1		14 kB
URL login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=397d8873-5ff5-4418-67f6-6dde9820c76a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=marriotthotels.de&nonce=638472584331556797.ed5d70b6-664d-4750-8dd0-2ee4f5c95a59&state=DctBDoMgEEBRaO_SHUqFmYGF6VmmzjQ10ZAg2uuXxfu7b40x9-7WWd9jCEOKNEGKITwBkDINKiDk3-gQo7hI4F0S8W5SjR9YMjBk2183lh-Pr6q87fPOta6ltW9puh2D6OOSmc9WZD2Wcmn9Aw IP 20.190.181.1:0 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK File type HTML document, Unicode text, UTF-8 text, with very long lines (21801), with CRLF, LF line terminators Size 14 kB (14222 bytes) Hash 3d46815976edbf07b2804a7b1e7822c8 171d8bfc51a2080417c3a7d60ca4cbf7fb0a53ba d63662356d26fb27149e4108464c96e74c7ee05455d97e7a10c45bf152fbc8e8 HTTP Headers GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=397d8873-5ff5-4418-67f6-6dde9820c76a&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&domain_hint=marriotthotels.de&nonce=638472584331556797.ed5d70b6-664d-4750-8dd0-2ee4f5c95a59&state=DctBDoMgEEBRaO_SHUqFmYGF6VmmzjQ10ZAg2uuXxfu7b40x9-7WWd9jCEOKNEGKITwBkDINKiDk3-gQo7hI4F0S8W5SjR9YMjBk2183lh-Pr6q87fPOta6ltW9puh2D6OOSmc9WZD2Wcmn9Aw HTTP/1.1 Host: login.microsoftonline.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK cache-control: no-store, no-cache pragma: no-cache content-type: text/html; charset=utf-8 content-encoding: gzip expires: -1 vary: Accept-Encoding strict-transport-security: max-age=31536000; includeSubDomains x-content-type-options: nosniff x-frame-options: DENY link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch x-dns-prefetch-control: on p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: dc2346c4-7092-4a7c-a68e-89620df00d00 x-ms-ests-server: 2.1.17615.13 - WEULR1 ProdSlices x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-security-policy-report-only: frame-src 'self'; base-uri 'self'; report-uri https://csp.microsoft.com/report/ESTS-UX-All x-xss-protection: 0 set-cookie: buid=0.ARoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8ZVFo4Z2ZxxM6wER3EGQetdXSlZuUJjAQvbq705nd9vm2OckWxB2p01BTKm4XMCUxcQOd4EWWZx-LXAlqJAbOjDjFPkZE8g43yjQPwLtNEE0gAA; expires=Sat, 27-Apr-2024 21:33:53 GMT; path=/; secure; HttpOnly; SameSite=None esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd86RTrF70qHwzFId1ZDf_VxkKqY-zc5dgVUAoQ1UzdD0xhH6tri72NlSrhbfJtr1eRby_pMubwSRjVpH-XeksyRZ1cE5ycUhTcz6oz3kHXPsR6iGtUkE0csHQhtrPpMpsDhaK4LZnUXszuqPookSPs0avgl8VkMMXfeszwGZC6BF0gAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None esctx-34weVGbKKk=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd85PgHGROHngICKys8IyiS8XqMpiVa_Pxxm3v-V0bUQt8kpvGhYlJh_zN0OXB1Y9qEHgtW17zvv0aMCCuEm33rI-h9J19gA2veXt7fI539Y7FhR21h8WnrAtZdk0BWqpnWHwWT8CUuNUZv7BAc4pRU4yAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None fpc=AnnQ1luLSBhJtUH-BT-Rxv6erOTJAQAAAEHZl90OAAAA; expires=Sat, 27-Apr-2024 21:33:53 GMT; path=/; secure; HttpOnly; SameSite=None x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly stsservicecookie=estsfd; path=/; secure; samesite=none; httponly date: Thu, 28 Mar 2024 21:33:52 GMT content-length: 14222 X-Firefox-Spdy: h2