![](/screenshots/32b0d542-9fcc-45e9-a516-66e89dd1bce8.png)
login.onedv-ms.com
Open in
urlscan Pro
185.117.75.3
Public Scan
Effective URL: https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2fo...
Submission: On February 23 via manual from BE — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 13th 2023. Valid for: 3 months.
This is the only time login.onedv-ms.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 4 | 185.117.75.3 185.117.75.3 | 60117 (HS) (HS) | |
3 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
onedv-ms.com
2 redirects
outlook.onedv-ms.com login.onedv-ms.com |
46 KB |
0 |
msauth.net
Failed
logincdn.msauth.net Failed |
|
3 | 2 |
Domain | Requested by | |
---|---|---|
3 | outlook.onedv-ms.com | 2 redirects |
1 | login.onedv-ms.com | |
0 | logincdn.msauth.net Failed |
login.onedv-ms.com
|
3 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
outlook.onedv-ms.com R3 |
2023-02-13 - 2023-05-14 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da582f0ab-7946-75e2-4e5b-b5bf129cbe95&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: BA95995E664E61D5AAD381B1468F787E
Requests: 3 HTTP requests in this frame
Screenshot
![](/screenshots/32b0d542-9fcc-45e9-a516-66e89dd1bce8.png)
Page URL History Show full URLs
- https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze Page URL
-
https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze?i=2d3xcpk
HTTP 302
https://outlook.onedv-ms.com/owa/?nlp=1 HTTP 302
https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wr... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze Page URL
-
https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze?i=2d3xcpk
HTTP 302
https://outlook.onedv-ms.com/owa/?nlp=1 HTTP 302
https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da582f0ab-7946-75e2-4e5b-b5bf129cbe95&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Ht58zK7eze
outlook.onedv-ms.com/m/famjeans/ |
14 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.srf
login.onedv-ms.com/ Redirect Chain
|
26 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Converged_v21031_rgar1csHGvkg9KmRssrhFQ2.css
logincdn.msauth.net/16.000/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- logincdn.msauth.net
- URL
- https://logincdn.msauth.net/16.000/Converged_v21031_rgar1csHGvkg9KmRssrhFQ2.css
Verdicts & Comments Add Verdict or Comment
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.onedv-ms.com/ | Name: ibpG Value: 30909a7f2e0ac2407e083ae48dc5aefa05bfc3b540da8d32269a9644451773ef |
|
outlook.onedv-ms.com/ | Name: ClientId Value: 32CCB96CCC4C497AB4D808D8A495F3F6 |
|
.onedv-ms.com/ | Name: logonLatency Value: LGN01=638127717402966400 |
|
outlook.onedv-ms.com/ | Name: exchangecookie Value: 7c7d66914f37484184e946ddedd45821 |
|
outlook.onedv-ms.com/ | Name: RpsCsrfState.NpGARarUE263w3Jzu56EaxSAWMQYsydZ8oEB4dp1ffg Value: a582f0ab-7946-75e2-4e5b-b5bf129cbe95 |
|
outlook.onedv-ms.com/ | Name: X-OWA-RedirectHistory Value: AhR7n8MBgHkiLccV2wg |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.onedv-ms.com
logincdn.msauth.net
outlook.onedv-ms.com
logincdn.msauth.net
185.117.75.3
5984b1bc7e75757b032afe34217f75cfec1242f2068176297e9b283e19951c8f
77ad288454de5243e8dbe959e82a39acb86a54043f5fcb14fcfc23dd6fad8aef