urlscan.io logo urlscan.io
SecurityTrails logo

oneokadfs3.oneok.com Open in urlscan Pro
172.110.141.90  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://agencelavalle.mx/jaBM2Fe5sdy9aki2PngbWO3lax0qWO3nFe5WO3kdy9s3RWO3BM2
Effective URL: https://oneokadfs3.oneok.com/adfs/ls/?login_hint=james.akingbola%40oneok.com&client-request-id=daad8a5f-f8f4-4eb3-a2f8-aef736...
Submission: On May 01 via manual from US — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 6 HTTP transactions. The main IP is 172.110.141.90, located in and belongs to . The main domain is oneokadfs3.oneok.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on August 2nd 2023. Valid for: a year.
This is the only time oneokadfs3.oneok.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 135.181.236.6 24940 (HETZNER-AS)
2 3 185.42.14.179 57271 (BITWEB-AS)
1 2 2603:1027:1:d... 8075 (MICROSOFT...)
1 2620:1ec:bdf::45 8075 (MICROSOFT...)
1 172.110.141.90 ()
6 5
1    135.181.236.6 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: sanluis.solidred.com.mx
agencelavalle.mx
3    185.42.14.179 (London, United Kingdom)

ASN57271 (BITWEB-AS, RU)
log1n-approval-expense.mepsandistic.org
2    2603:1027:1:d8::4 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com
1    2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
aadcdn.msauth.net
1    172.110.141.90 (None, )

ASN- ()
oneokadfs3.oneok.com
Apex Domain
Subdomains		 Transfer
3 mepsandistic.org
log1n-approval-expense.mepsandistic.org
66 KB
2 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 10
13 KB
1 oneok.com
oneokadfs3.oneok.com
1 msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 841
49 KB
1 agencelavalle.mx
agencelavalle.mx
248 B
6 5
Domain Requested by
3 log1n-approval-expense.mepsandistic.org 2 redirects
2 login.microsoftonline.com 1 redirects
1 oneokadfs3.oneok.com aadcdn.msauth.net
oneokadfs3.oneok.com
1 aadcdn.msauth.net login.microsoftonline.com
1 agencelavalle.mx 1 redirects
6 5

This site contains no links.

Subject Issuer Validity Valid
mepsandistic.org
R3		 2024-04-30 -
2024-07-29		 3 months crt.sh
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA		 2024-03-07 -
2025-03-07		 a year crt.sh
aadcdn.msauth.net
DigiCert SHA2 Secure Server CA		 2024-04-30 -
2025-04-30		 a year crt.sh
oneokadfs3.oneok.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-02 -
2024-08-01		 a year crt.sh

This page contains 1 frames:

Primary Page: https://oneokadfs3.oneok.com/adfs/ls/?login_hint=james.akingbola%40oneok.com&client-request-id=daad8a5f-f8f4-4eb3-a2f8-aef736ba37f5&username=james.akingbola%40oneok.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATiu9be-vJjs9-iH-u-m-0y_7qKUZmwEfoXGBlfMDJOYpLMSsxNLdZLzM7MS0_Kz0l0yM9Lzc8GKbnFJOhflO6ZEl7slpqSWpRYkpmf94gZt_oLLAKvWHgMmK04OLgEGCQYFBh-sDAuYgW60GaB12PDdBaHeX8lVPUPpDKcYtU3KooyLvP0yQpJ9sguNyl3D0stKTAoTPVLTPIPyghND8sxc3bMNC7LNY8ItDW2MpzAJjSBjekUG8MHNsYOdoZZ7AwHOBkP8DL84Pt55e_vP3tnvfPYIMAAAA2
Frame ID: E90BDCC1B97D89AAD85C7D532811805A
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://agencelavalle.mx/jaBM2Fe5sdy9aki2PngbWO3lax0qWO3nFe5WO3kdy9s3RWO3BM2 HTTP 302
    https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== Page URL
  2. https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== HTTP 302
    https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== HTTP 302
    https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com Page URL
  3. https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com&sso_reload=true HTTP 302
    https://oneokadfs3.oneok.com/adfs/ls/?login_hint=james.akingbola%40oneok.com&client-request-id=daad8a5f-f... Page URL

Page Statistics

6
Requests

67 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

125 kB
Transfer

339 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://agencelavalle.mx/jaBM2Fe5sdy9aki2PngbWO3lax0qWO3nFe5WO3kdy9s3RWO3BM2 HTTP 302
    https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== Page URL
  2. https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== HTTP 302
    https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== HTTP 302
    https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com Page URL
  3. https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com&sso_reload=true HTTP 302
    https://oneokadfs3.oneok.com/adfs/ls/?login_hint=james.akingbola%40oneok.com&client-request-id=daad8a5f-f8f4-4eb3-a2f8-aef736ba37f5&username=james.akingbola%40oneok.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATiu9be-vJjs9-iH-u-m-0y_7qKUZmwEfoXGBlfMDJOYpLMSsxNLdZLzM7MS0_Kz0l0yM9Lzc8GKbnFJOhflO6ZEl7slpqSWpRYkpmf94gZt_oLLAKvWHgMmK04OLgEGCQYFBh-sDAuYgW60GaB12PDdBaHeX8lVPUPpDKcYtU3KooyLvP0yQpJ9sguNyl3D0stKTAoTPVLTPIPyghND8sxc3bMNC7LNY8ItDW2MpzAJjSBjekUG8MHNsYOdoZZ7AwHOBkP8DL84Pt55e_vP3tnvfPYIMAAAA2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://agencelavalle.mx/jaBM2Fe5sdy9aki2PngbWO3lax0qWO3nFe5WO3kdy9s3RWO3BM2 HTTP 302
  • https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ==
Request Chain 1
  • https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== HTTP 302
  • https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ== HTTP 302
  • https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
log1n-approval-expense.mepsandistic.org/
Redirect Chain
  • https://agencelavalle.mx/jaBM2Fe5sdy9aki2PngbWO3lax0qWO3nFe5WO3kdy9s3RWO3BM2
  • https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ==
166 KB
66 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.42.14.179 London, United Kingdom, ASN57271 (BITWEB-AS, RU),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 01 May 2024 15:03:03 GMT
server
nginx
vary
Accept-Encoding

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 01 May 2024 15:03:02 GMT
location
https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ==#/common/authorize?document=0.014418504673251-0ff1-0.71676446949912&auth=10.42938036212203-0.1837159628904
server
nginx
vary
Accept-Encoding
/
login.microsoftonline.com/
Redirect Chain
  • https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ==
  • https://log1n-approval-expense.mepsandistic.org/?organisation=oneok.com&dse=amFtZXMuYWtpbmdib2xhQG9uZW9rLmNvbQ==
  • https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com
19 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1027:1:d8::4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
dfc01aad13ceec871fe4d273481414bf0fbee3be65c5cacdae66d0b5156403cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
https://log1n-approval-expense.mepsandistic.org
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
8773
Content-Type
text/html; charset=utf-8
Date
Wed, 01 May 2024 15:03:06 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.17910.13 - FRC ProdSlices
x-ms-request-id
5433280c-3b4b-4242-9c5f-e0d9863f6f00
x-ms-srs
1.P

Redirect headers

content-type
text/html; charset=utf-8
date
Wed, 01 May 2024 15:03:07 GMT
location
https://login.microsoftonline.com?organisation=oneok.com&username=james.akingbola%40oneok.com
referrer-policy
no-referrer
server
nginx
BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js
aadcdn.msauth.net/shared/1.0/content/js/ 		138 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 May 2024 15:03:07 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
content-length
49609
x-ms-lease-status
unlocked
last-modified
Mon, 01 Apr 2024 18:07:19 GMT
etag
0x8DC527692402A16
x-azure-ref
20240501T150307Z-1569cd7c5d7zqhjrfbwy9bkdhg00000001400000000082ff
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
a4963651-801e-0042-205b-9b608b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Primary Request /
oneokadfs3.oneok.com/adfs/ls/
Redirect Chain
  • https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com&sso_reload=true
  • https://oneokadfs3.oneok.com/adfs/ls/?login_hint=james.akingbola%40oneok.com&client-request-id=daad8a5f-f8f4-4eb3-a2f8-aef736ba37f5&username=james.akingbola%40oneok.com&wa=wsignin1.0&wtrealm=urn%3a...
15 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://oneokadfs3.oneok.com/adfs/ls/?login_hint=james.akingbola%40oneok.com&client-request-id=daad8a5f-f8f4-4eb3-a2f8-aef736ba37f5&username=james.akingbola%40oneok.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATiu9be-vJjs9-iH-u-m-0y_7qKUZmwEfoXGBlfMDJOYpLMSsxNLdZLzM7MS0_Kz0l0yM9Lzc8GKbnFJOhflO6ZEl7slpqSWpRYkpmf94gZt_oLLAKvWHgMmK04OLgEGCQYFBh-sDAuYgW60GaB12PDdBaHeX8lVPUPpDKcYtU3KooyLvP0yQpJ9sguNyl3D0stKTAoTPVLTPIPyghND8sxc3bMNC7LNY8ItDW2MpzAJjSBjekUG8MHNsYOdoZZ7AwHOBkP8DL84Pt55e_vP3tnvfPYIMAAAA2
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.110.141.90 -, , ASN (),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https://password.oneok.com https://oneokadfs3.oneok.com 'unsafe-inline' 'unsafe-eval'; img-src https://password.oneok.com https://oneokadfs3.oneok.com data:;
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://login.microsoftonline.com/?organisation=oneok.com&username=james.akingbola%40oneok.com#/common/authorize?document=0.014418504673251-0ff1-0.71676446949912&auth=10.42938036212203-0.1837159628904
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache,no-store
Content-Length
23860
Content-Security-Policy
default-src https://password.oneok.com https://oneokadfs3.oneok.com 'unsafe-inline' 'unsafe-eval'; img-src https://password.oneok.com https://oneokadfs3.oneok.com data:;
Content-Type
text/html; charset=utf-8
Date
Wed, 01 May 2024 15:03:09 GMT
Expires
-1
Pragma
no-cache
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age = 31536000
X-Content-Type-Options
nosniff
X-Frame-Options
deny
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
596
Content-Type
text/html; charset=utf-8
Date
Wed, 01 May 2024 15:03:08 GMT
Expires
-1
Location
https://oneokadfs3.oneok.com/adfs/ls/?login_hint=james.akingbola%40oneok.com&client-request-id=daad8a5f-f8f4-4eb3-a2f8-aef736ba37f5&username=james.akingbola%40oneok.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATiu9be-vJjs9-iH-u-m-0y_7qKUZmwEfoXGBlfMDJOYpLMSsxNLdZLzM7MS0_Kz0l0yM9Lzc8GKbnFJOhflO6ZEl7slpqSWpRYkpmf94gZt_oLLAKvWHgMmK04OLgEGCQYFBh-sDAuYgW60GaB12PDdBaHeX8lVPUPpDKcYtU3KooyLvP0yQpJ9sguNyl3D0stKTAoTPVLTPIPyghND8sxc3bMNC7LNY8ItDW2MpzAJjSBjekUG8MHNsYOdoZZ7AwHOBkP8DL84Pt55e_vP3tnvfPYIMAAAA2#
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}
x-ms-ests-server
2.1.17910.13 - SEC ProdSlices
x-ms-request-id
e34aa03c-6731-4004-9efd-18252fc06500
x-ms-srs
1.P
style.css
oneokadfs3.oneok.com/adfs/portal/css/ 		0
0
logo.png
oneokadfs3.oneok.com/adfs/portal/logo/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
oneokadfs3.oneok.com
URL
https://oneokadfs3.oneok.com/adfs/portal/css/style.css?id=D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
Domain
oneokadfs3.oneok.com
URL
https://oneokadfs3.oneok.com/adfs/portal/logo/logo.png?id=769F499998F1416A01F9633ADCBA76D7B88BD904B4296EDD8AE3A9E1A66194B3

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Domain/Path Name / Value
.mepsandistic.org/ Name: O1jw2E
Value: "MzkxODgyNTktYjFmZC00MTlhLTgwYzItZGRkNjkyMTYwNjc1OjY4ZmZiOWJiLTYyY2ItNDljOS1hNzRhLThjMzI0ZThjZmQ3Zg=="
.login.microsoftonline.com/ Name: esctx-pwQSdZIdkE
Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd83Ad4YzAVqtNqhd5_Sb_chLd78cIPvlytcGQWENq0Aru2kNhSlHr4kGvrRdxfeRlTyID_ZYm8JSoyxQh_Clmu9ZOrtsiOYIHbYtxMZMhOurR4bd2Z29mZk-0C9N72XoknJayFhNcsZ0GAMGX6GeMT8iAA
login.microsoftonline.com/ Name: fpc
Value: Am7oCOy_ectAqFLNnC3R0XE
.login.microsoftonline.com/ Name: esctx
Value: PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8zOE3hVlt5T01jZSovvhMTAb-6KxzZn_g2__YoWf6myAJKhSGFtm0jxoH9LivsOvgrnHAqmt4LdROSWA0a0PbMT45fdmJM0321rP57h_uZk8MJ0V40Zowij9z-G3IqCDkjiJJm7L5qLVenJgukMlNQhqpioaQUzA4IiZ7VVpl0K8gAA
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com/ Name: SSOCOOKIEPULLED
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
agencelavalle.mx
log1n-approval-expense.mepsandistic.org
login.microsoftonline.com
oneokadfs3.oneok.com
oneokadfs3.oneok.com
135.181.236.6
172.110.141.90
185.42.14.179
2603:1027:1:d8::4
2620:1ec:bdf::45
dfc01aad13ceec871fe4d273481414bf0fbee3be65c5cacdae66d0b5156403cb