www.onenote.com
52.109.76.2
Public Scan
Effective URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Submission: On September 08 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Microsoft RSA TLS CA 01 on October 6th 2020. Valid for: a year.
This is the only time www.onenote.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
4 (1 redirect) | 52.109.76.2 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 152.199.19.160 | 15133 (EDGECAST) |
5 | 23.197.254.169 | 16625 (AKAMAI-AS) |
1 | 20.190.160.129 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 192.229.221.185 | 15133 (EDGECAST) |
12 | 6 | |

23.197.254.169: ASN16625 (AKAMAI-AS, US), PTR: a23-197-254-169.deploy.static.akamaitechnologies.com, site-cdn.onenote.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | onenote.net | site-cdn.onenote.net | 92 KB |
4 | onenote.com (1 redirects) | www.onenote.com | 5 KB |
1 | msauth.net | logincdn.msauth.net | 6 KB |
1 | live.com | login.live.com | 6 KB |
1 | aspnetcdn.com | ajax.aspnetcdn.com | 43 KB |
0 | microsoftonline.com (Failed) | login.microsoftonline.com (Failed) | |
12 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
5 | site-cdn.onenote.net | www.onenote.com |
4 | www.onenote.com (1 redirects) | site-cdn.onenote.net |
1 | logincdn.msauth.net | login.live.com |
1 | login.live.com | site-cdn.onenote.net |
1 | ajax.aspnetcdn.com | www.onenote.com |
0 | login.microsoftonline.com (Failed) | site-cdn.onenote.net |
12 | 6 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
reverseproxy.onenote.com | Microsoft RSA TLS CA 01 | 2020-10-06 - 2021-10-06 | a year |
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2020-11-16 - 2021-11-10 | a year |
site-cdn.onenote.net | Microsoft RSA TLS CA 01 | 2020-10-02 - 2021-10-02 | a year |
graph.windows.net | DigiCert SHA2 Secure Server CA | 2021-08-17 - 2022-08-17 | a year |
identitycdn.msauth.net | DigiCert SHA2 Secure Server CA | 2021-05-13 - 2022-05-13 | a year |
This page contains 3 frames:
Primary Page:
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Frame ID: 93B942C61AFAF4521C917811552166B4
Requests: 9 HTTP requests in this frame
Frame:
https://login.live.com/Me.srf?wa=wsignin1.0&wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=1&nf=1
Frame ID: 814A7FB253176DB2FEC2479DB01EB78C
Requests: 2 HTTP requests in this frame
Frame:
https://login.microsoftonline.com/savedusers?wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=2&nf=1&appid=2d4d3d8e-2be3-4bef-9f87-7875a61c29de
Frame ID: AB2FAD10329FA3A0930D5A946E440599
Requests: 1 HTTP requests in this frame
Page Title
Microsoft OneNote | Die App für digitale Notizen für Ihre Geräte
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.onenote.com/notebooks?WT.mc_id=O16_BingHP
HTTP 302
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | signin | www.onenote.com/ | 21 KB | 3 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | jquery-1.12.0.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 95 KB | 43 KB | Script | application/javascript | |
GET | H/1.1 | bodymovin.min.js | site-cdn.onenote.net/libraries/bodymovin/4.13.0/ | 248 KB | 59 KB | Script | application/javascript | |
GET | H/1.1 | CommonDiagnostics.js | site-cdn.onenote.net/161450740452_Scripts/ | 39 KB | 13 KB | Script | application/javascript | |
GET | H/1.1 | Common.js | site-cdn.onenote.net/161450740452_Scripts/ | 46 KB | 11 KB | Script | application/javascript | |
GET | H/1.1 | DefaultSignIn.min.js | site-cdn.onenote.net/161450740452_Scripts/ | 16 KB | 4 KB | Script | application/javascript | |
GET | H/1.1 | Default2SignIn.js | site-cdn.onenote.net/161450740452_Scripts/ | 14 KB | 5 KB | Script | application/javascript | |
POST | H2 | RemoteUls.ashx | www.onenote.com/ | 0 | 319 B | XHR | text/plain | |
POST | H2 | RemoteUls.ashx | www.onenote.com/ | 0 | 189 B | XHR | text/plain | |
GET | H/1.1 | Me.srf | login.live.com/ | 11 KB | 6 KB | Document | text/html | Cookie set, Frame 814A |
GET | | savedusers | login.microsoftonline.com/ | 0 | 0 | | | Frame AB2F |
GET | H2 | MeControl_qpzIZY_EP1sDna_p2TbPiQ2.js | logincdn.msauth.net/16.000/content/js/ | 17 KB | 6 KB | Script | application/x-javascript | Frame 814A |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- login.microsoftonline.com
- URL
- https://login.microsoftonline.com/savedusers?wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=2&nf=1&appid=2d4d3d8e-2be3-4bef-9f87-7875a61c29de
91 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery string| g_msaReturnUrl string| g_orgIdReturnUrl string| g_signupUrl string| g_msaPasswordResetUrl string| g_msaLoginUrl string| g_hrdIframeUrl string| g_orgIdLoginUrl string| g_authType string| g_fullScreenHrd object| g_hrdOverride boolean| g_useNewRedirectUrlOverride number| g_preferredIdpForDefaultSignIn string| g_appId boolean| g_defaultSignInEnabled boolean| g_defaultSignInFixEnabled string| g_defaultSignInAadHost boolean| DefaultSignInEnabled number| DefaultSignInTimeout string| HomePageUrl string| RedirectUrl string| SessionId object| bodymovin function| Type function| $5 object| Sys object| Diag object| OfficeBrowserFeedback function| GetOSPlatform function| InitializeUls function| InstrumentLinks function| LogUserViewPortInfo function| UpdateFurthestScrollDepth function| LogElapsedTimeOnPage function| InsertAdditionalBeforeUnloadFunction function| OnUnloadingPage function| FlushBrowserUls function| FlushUlsAsynchronous function| GenerateInstrumentationLink function| GenerateContextMenuInstrumentationLink function| GenerateDragInstrumentationLink object| Utils object| OSPlatform string| _osPlatform undefined| ClipperIndexURL undefined| NotebooksIndexURL undefined| OrigRefCookieName undefined| OrigRefCookieValue undefined| ShowSignInControl undefined| onSignInDialogKeyUp object| Common function| __extends string| TelemetryClickableClass object| TheUlsHost number| furthestScrollDepthPercentage function| RecordPageLoadTime number| PageStartLoadTime undefined| ulsCategoryStringSetInCshtml object| additionalBeforeUnloadFunctions undefined| _onBeforePageUnloadCalled object| Feedback object| jQuery1120032062667732573313 object| AuthType object| Operation object| ErrorCode object| TimerUtils object| IframeUtils object| Constants object| LoggingUtils function| IdpUserResult function| DefaultSignInOptions function| getDefaultAadUser function| getDefaultMsaUser function| 
findDefaultSignedInUser function| convertAadUserData function| convertMsaUserData function| getAadData function| getMsaData function| getAadMsaData boolean| enableConsoleLog undefined| msaFedEnabled function| getAccount function| ExtractHostnameFromUrl function| HandleRedirectIfNoDefaultSignIn function| HandleDefaultSignInResult function| AttemptDefaultSignIn object| animationData
9 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even after a change of location. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.onenote.com/ | | Name: UserTrackerKey Value: AnonymousId=91eaa537-db99-4289-9b5e-7314f24464f8&FirstVisit=09/08/2021 22:38:47&LastVisit=09/08/2021 22:38:47 |
www.onenote.com/ | | Name: ONSessionKey Value: SessionId=6d393a54-2e08-441c-930b-1d8117d531fa&StartTime=09/08/2021 22:38:47&LastActivityTime=09/08/2021 22:38:47 |
www.onenote.com/ | | Name: TreatmentGroups Value: SiteShowPlatformsAboveInfoPanels=Disabled&SiteShowInfoPanels=Disabled&NotebookIntroPageExperiment=Treatment2&UpgradePageDownloadButtonExperiment=Treatment1&FreBeforeAfterSigninExperiment=Control |
www.onenote.com/ | | Name: OneNoteMvcUserIdentifier Value: 0c3acc4d-eaeb-40b9-9bef-6ac442840a02 |
www.onenote.com/ | | Name: PageVisitKey Value: PublicSiteHomepage=1 |
.www.onenote.com/ | | Name: AuthSess Value: 6a6ae2d8-acba-4016-89f2-28172bcb7a95 |
.onenote.com/ | | Name: AADNonce Value: 89149baf-30ab-4110-8e19-e92d5b1c9d31.637667375273660240 |
.login.live.com/ | | Name: uaid Value: b7bc333e6b29400a9d4445daba38ae46 |
.login.live.com/ | | Name: MSPRequ Value: id=N&lt=1631140727&co=1 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.