Submitted URL: https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze
Effective URL: https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2fo...
Submission: On February 23 via manual from BE — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 3 HTTP transactions. The main IP is 185.117.75.3, located in United Arab Emirates and belongs to HS, AE. The main domain is login.onedv-ms.com.
TLS certificate: Issued by R3 on February 13th 2023. Valid for: 3 months.
This is the only time login.onedv-ms.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 4 185.117.75.3 60117 (HS)
3 2
Apex Domain
Subdomains
Transfer
4 onedv-ms.com
outlook.onedv-ms.com
login.onedv-ms.com
46 KB
0 msauth.net Failed
logincdn.msauth.net Failed
3 2
Domain Requested by
3 outlook.onedv-ms.com 2 redirects
1 login.onedv-ms.com
0 logincdn.msauth.net Failed login.onedv-ms.com
3 3

This site contains no links.

Subject: outlook.onedv-ms.com
Issuer: R3
Validity: 2023-02-13 - 2023-05-14
Valid: 3 months

This page contains 1 frame:

Primary Page: https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da582f0ab-7946-75e2-4e5b-b5bf129cbe95&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: BA95995E664E61D5AAD381B1468F787E
Requests: 3 HTTP requests in this frame


Page Statistics

Requests: 3
HTTPS: 67 %
IPv6: 0 %
Domains: 2
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 42 kB
Size: 40 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze Page URL
  2. https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze?i=2d3xcpk HTTP 302
    https://outlook.onedv-ms.com/owa/?nlp=1 HTTP 302
    https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da582f0ab-7946-75e2-4e5b-b5bf129cbe95&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource: Ht58zK7eze
Path: outlook.onedv-ms.com/m/famjeans/
Size: 14 KB
x-fer: 14 KB
Type: Document

General

Full URL: https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.117.75.3 , United Arab Emirates, ASN60117 (HS, AE),
Reverse DNS:
Software: /
Resource Hash: 77ad288454de5243e8dbe959e82a39acb86a54043f5fcb14fcfc23dd6fad8aef

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Type: text/html
Transfer-Encoding: chunked

Resource: login.srf (Primary Request)
Path: login.onedv-ms.com/
Redirect Chain
  • https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze?i=2d3xcpk
  • https://outlook.onedv-ms.com/owa/?nlp=1
  • https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da582f0ab-7946-75e2-4e5...
Size: 26 KB
x-fer: 29 KB
Type: Document

General

Full URL: https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da582f0ab-7946-75e2-4e5b-b5bf129cbe95&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.117.75.3 , United Arab Emirates, ASN60117 (HS, AE),
Reverse DNS:
Software: /
Resource Hash: 5984b1bc7e75757b032afe34217f75cfec1242f2068176297e9b283e19951c8f

Request headers

Referer: https://outlook.onedv-ms.com/m/famjeans/Ht58zK7eze
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, max-age=0
Connection: close
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Feb 2023 17:55:39 GMT
Expires: Thu, 23 Feb 2023 17:54:40 GMT
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net/>; rel=dns-prefetch <https://acctcdn.msftauth.net/>; rel=dns-prefetch <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://logincdn.msauth.net/>; rel=dns-prefetch <https://logincdn.msftauth.net/>; rel=dns-prefetch <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Ppserver: PPV: 30 H: BL02EPF0000671F V: 0
Referrer-Policy: strict-origin-when-cross-origin
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Dns-Prefetch-Control: on
X-Ms-Request-Id: a34367de-36e9-4dd7-a0dc-214e4b933c7a
X-Ms-Route-Info: R3_BL2

Redirect headers

Alt-Svc: h3=":443",h3-29=":443"
Connection: close
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Feb 2023 17:55:40 GMT
Location: https://login.onedv-ms.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1677174940&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3da582f0ab-7946-75e2-4e5b-b5bf129cbe95&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Nel: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=AMS"}],"include_subdomains":true}
Request-Id: fe2c2ec2-76a4-74ce-75fe-a52a6ff6568f
Server: Microsoft-IIS/10.0
Transfer-Encoding: chunked
X-Backend-Begin: 2023-02-23T17:55:40.296
X-Backend-End: 2023-02-23T17:55:40.296
X-Backendhttpstatus: 302 302
X-Beserver: GV2PR09MB6325
X-Besku: WCS7
X-Calculatedbetarget: GV2PR09MB6325.eurprd09.prod.outlook.com
X-Calculatedfetarget: GV3P280CU004.internal.outlook.com
X-Diaginfo: GV2PR09MB6325
X-Feefzinfo: AMS
X-Feproxyinfo: AS4PR09CA0002.EURPRD09.PROD.OUTLOOK.COM
X-Feserver: GV3P280CA0095 AS4PR09CA0002
X-Firsthopcafeefz: AMS
X-Iids: 0
X-Ms-Forwardingcorrelationid: 0d27ea23-d6d0-4b32-a97b-fdab69ef1e60
X-Ms-Originrequestcorrelationid: 2d9805d4-f761-439d-bcf0-11593d12058a
X-Owa-Diagnosticsinfo: 2;0;0
X-Proxy-Backendserverstatus: 302
X-Proxy-Routingcorrectness: 1
X-Rum-Notupdatequerieddbcopy: 1
X-Rum-Notupdatequeriedpath: 1
X-Rum-Validated: 1
X-Ua-Compatible: IE=EmulateIE7

Resource: Converged_v21031_rgar1csHGvkg9KmRssrhFQ2.css
Path: logincdn.msauth.net/16.000/
Size: 0
x-fer: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
logincdn.msauth.net
URL
https://logincdn.msauth.net/16.000/Converged_v21031_rgar1csHGvkg9KmRssrhFQ2.css

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

6 Cookies

Domain/Path Name / Value
.onedv-ms.com/ Name: ibpG
Value: 30909a7f2e0ac2407e083ae48dc5aefa05bfc3b540da8d32269a9644451773ef
outlook.onedv-ms.com/ Name: ClientId
Value: 32CCB96CCC4C497AB4D808D8A495F3F6
.onedv-ms.com/ Name: logonLatency
Value: LGN01=638127717402966400
outlook.onedv-ms.com/ Name: exchangecookie
Value: 7c7d66914f37484184e946ddedd45821
outlook.onedv-ms.com/ Name: RpsCsrfState.NpGARarUE263w3Jzu56EaxSAWMQYsydZ8oEB4dp1ffg
Value: a582f0ab-7946-75e2-4e5b-b5bf129cbe95
outlook.onedv-ms.com/ Name: X-OWA-RedirectHistory
Value: AhR7n8MBgHkiLccV2wg

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
