Submitted URL: https://onedrive.live.com/download?cid=43D97B00C70942AB&resid=43D97B00C70942AB%21136&authkey=APt_kXGBw6PQuWs
Effective URL: https://vs4ulq.bn.files.1drv.com/y4mz1iCR-9imRPh11ikeojBiISy5AZJWXNdh2Hi3bllMDqFU2LTeWSgngiO5j--sCtwOHTBVO0y9CLg85m_pzgbcUCeKsLzimukS0fJa0EJ3nf1her9dk2EgfpwYfvpwOolC3Bz9VZPh-mGrVHas1I8nKxkx5dfSIxDXiELqCgOhrjFsRmC8137WrJ3i7JRhLpR8COtVvGzZl4X9ebsDP6xaQ/Swift_Copy%20pdf.tar?download&psid=1
Submission: On July 12 via manual from JP

Summary

This website contacted 1 IP in 1 country across 2 domains to perform 1 HTTP transaction.
The main IP is 13.107.42.12, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is vs4ulq.bn.files.1drv.com.
TLS certificate: Issued by Microsoft IT TLS CA 5 on October 19th 2017. Valid for: 2 years.
This is the first time this domain was scanned on urlscan.io!

Verdict: Unknown

Downloads: These files were downloaded by the website

Domain & IP information

IP Address AS Autonomous System
1 1 13.107.42.13 8068 (MICROSOFT...)
1 13.107.42.12 8068 (MICROSOFT...)
1 1
Domain Subdomains Transfer
1 1drv.com 0 B
1 live.com 748 B
1 2
Domain Requested by
1 vs4ulq.bn.files.1drv.com
1 onedrive.live.com 1 redirects
1 2


Domain Subject / Issuer Validity Valid
storage.live.com Microsoft IT TLS CA 5 2017-10-19 - 2019-10-19 2 years

1 HTTP transaction

Resource
Path
Size
x-fer
Type
MIME-Type
Swift_Copy%20pdf.tar?download&psid=1
/y4mz1iCR-9imRPh11ikeojBiISy5AZJWXNdh2Hi3bllMDqFU2LTeWSgngiO5j--sCtwOHTBVO0y9CLg85m_pzgbcUCeKsLzimukS0fJa0EJ3nf1her9dk2EgfpwYfvpwOolC3Bz9VZPh-mGrVHas1I8nKxkx5dfSIxDXiELqCgOhrjFsRmC8137WrJ3i7JRhLpR8...
Redirect Chain
  • https://onedrive.live.com/download?cid=43D97B00C70942AB&resid=43D97B00C70942AB%21136&authkey=APt_kXGBw6PQuWs
  • https://vs4ulq.bn.files.1drv.com/y4mz1iCR-9imRPh11ikeojBiISy5AZJWXNdh2Hi3bllMDqFU2LTeWSgngiO5j--sCtwOHTBVO0y9CLg85m_pzgbcUCeKsLzimukS0fJa0EJ3nf1her9dk2EgfpwYfvpwOolC3Bz9VZPh-mGrVHas1I8nKxkx5dfSIxDX...
0
0
Document
General
Full URL
https://vs4ulq.bn.files.1drv.com/y4mz1iCR-9imRPh11ikeojBiISy5AZJWXNdh2Hi3bllMDqFU2LTeWSgngiO5j--sCtwOHTBVO0y9CLg85m_pzgbcUCeKsLzimukS0fJa0EJ3nf1her9dk2EgfpwYfvpwOolC3Bz9VZPh-mGrVHas1I8nKxkx5dfSIxDXiELqCgOhrjFsRmC8137WrJ3i7JRhLpR8COtVvGzZl4X9ebsDP6xaQ/Swift_Copy%20pdf.tar?download&psid=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.107.42.12, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
Reverse DNS
1drv.ms
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
vs4ulq.bn.files.1drv.com
:scheme
https
:path
/y4mz1iCR-9imRPh11ikeojBiISy5AZJWXNdh2Hi3bllMDqFU2LTeWSgngiO5j--sCtwOHTBVO0y9CLg85m_pzgbcUCeKsLzimukS0fJa0EJ3nf1her9dk2EgfpwYfvpwOolC3Bz9VZPh-mGrVHas1I8nKxkx5dfSIxDXiELqCgOhrjFsRmC8137WrJ3i7JRhLpR8COtVvGzZl4X9ebsDP6xaQ/Swift_Copy%20pdf.tar?download&psid=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br

Response headers

status
200
cache-control
public
content-type
application/octet-stream
content-encoding
gzip
content-location
https://vs4ulq.bn.files.1drv.com/y4muQErn5ISc8kwWt77IOKzQSSHog4kbobp9iyLKJPLnJ2yFRyAi6RHRRfOHmUtGeYItyAv_EyagnTmixKg_5bnkwFpxBrTPEbwXPKy8-zZpUZoGimpzqqABcXICj3dRieBqR4nctQGRIoPzfTZt6V1jy_2E9R8FO2NnuluIY8DD9Y1S1diOGKUgr5nz2tTb_QN
expires
Thu, 10 Oct 2019 02:23:48 GMT
last-modified
Fri, 12 Jul 2019 01:46:39 GMT
accept-ranges
bytes
etag
43D97B00C70942AB!136.1
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
x-msnserver
BN2BAP64238E8BE
strict-transport-security
max-age=31536000; includeSubDomains
ms-cv
Qo/Sfz8XFECrASTRp/KsQw.0
x-sqldataorigin
S
ctag
aYzo0M0Q5N0IwMEM3MDk0MkFCITEzNi4yNTc
x-preauthinfo
rv;poba;
content-disposition
attachment; filename*=UTF-8''Swift_Copy%20pdf.tar
x-content-type-options
nosniff
x-streamorigin
X
x-asmversion
UNKNOWN; 19.286.701.2005
x-msedge-ref
Ref A: 76A7018A8529406DA107D8A697B17B7D Ref B: STOEDGE0708 Ref C: 2019-07-12T02:23:48Z
date
Fri, 12 Jul 2019 02:23:48 GMT

Redirect headers

status
302
cache-control
no-cache, no-store
pragma
no-cache
content-type
text/html
expires
-1
location
https://vs4ulq.bn.files.1drv.com/y4mz1iCR-9imRPh11ikeojBiISy5AZJWXNdh2Hi3bllMDqFU2LTeWSgngiO5j--sCtwOHTBVO0y9CLg85m_pzgbcUCeKsLzimukS0fJa0EJ3nf1her9dk2EgfpwYfvpwOolC3Bz9VZPh-mGrVHas1I8nKxkx5dfSIxDXiELqCgOhrjFsRmC8137WrJ3i7JRhLpR8COtVvGzZl4X9ebsDP6xaQ/Swift_Copy%20pdf.tar?download&psid=1
set-cookie
E=P:T/rj+G8G14g=:42dwdKUC0r/6lhmP4wbDsntwfwVEBWOxnnpa2QQ9EJw=:F; domain=.live.com; path=/ xid=6bacf1c1-e51a-417f-be24-adc191bba58b&&RD00155D5E7461&236; domain=.live.com; path=/ xidseq=1; domain=.live.com; path=/ LD=; domain=.live.com; expires=Fri, 12-Jul-2019 00:43:48 GMT; path=/ wla42=; domain=live.com; expires=Fri, 19-Jul-2019 02:23:48 GMT; path=/
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-msnserver
RD00155D5E7461
x-odwebserver
canadaeast0-ODWebpl
x-msedge-ref
Ref A: 6AE41B4DA18C468EAE80D0A4CE872E25 Ref B: STOEDGE0920 Ref C: 2019-07-12T02:23:48Z
date
Fri, 12 Jul 2019 02:23:47 GMT
content-length
0

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • https://onedrive.live.com/download?cid=43D97B00C70942AB&resid=43D97B00C70942AB%21136&authkey=APt_kXGBw6PQuWs
  • https://vs4ulq.bn.files.1drv.com/y4mz1iCR-9imRPh11ikeojBiISy5AZJWXNdh2Hi3bllMDqFU2LTeWSgngiO5j--sCtwOHTBVO0y9CLg85m_pzgbcUCeKsLzimukS0fJa0EJ3nf1her9dk2EgfpwYfvpwOolC3Bz9VZPh-mGrVHas1I8nKxkx5dfSIxDX...

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.

onedrive.live.com
vs4ulq.bn.files.1drv.com


13.107.42.12
13.107.42.13