Case in hand: htxps://sts.uef.fi/adfs/ls?version=1.0&action=signin&realm=urn%3AAppProxy%3Acom&appRealm=9c330d65-dee1-e311-80ca-005056b6148f&returnUrl=https%3A%2F%2Fowa.uef.fi%2Fowa&client-request-id=703F4D34-E8CC-0001-8864-8A70CCE8D201 (do not try as hacking is an offense!).
What site is into such exercise, well it is: -http://www.beatmysite.com blocked by Google Safebrowsing as insecure: -http://www.beatmysite.com/owa.uef.fi

The site to be beaten has solid security (only issue excessive server info proliferation): https://asafaweb.com/Scan?Url=https%3A%2F%2Fsts.uef.fi%2Fadfs%2Fls

Another source: https://urlscan.io/result/d845723d-562c-4e83-a846-88759feb3acb/dom/

The malware: https://www.hybrid-analysis.com/sample/2e2136675777178eed7b77d3c39609fd00965bc967ca8d42e2437f08aaecfc55?environmentId=1

& https://otx.alienvault.com/indicator/ip/123.30.137.221/ → http://whois.domaintools.com/beatmysite.com

polonus (volunteer website security analyst and website error-huntre)