mqscrp.sophiaworld.net Open in urlscan Pro
172.67.191.199 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://trk.pepisandbox.com/rdz?id=155762=MEwIVwMCBAFRRUYQRhIVQRVCExkZGEIRFBVBF0QRRURFEBhGFhcTF0MZRhBGEhVBFVJPWlFKC0JAWhFfAU...
Effective URL:
https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On March 18 via api (March 18th 2024, 1:29:09 pm UTC) from AU — Scanned from AU

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 172.67.191.199, located in United States and belongs to CLOUDFLARENET, US. The main domain is mqscrp.sophiaworld.net.
TLS certificate: Issued by GTS CA 1P5 on March 18th 2024. Valid for: 3 months.

This is the only time mqscrp.sophiaworld.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	202.162.242.179 202.162.242.179	33480 (WEBWERKSAS1) (WEBWERKSAS1)
2 10	172.67.191.199 172.67.191.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2

1 202.162.242.179 (India) 1 redirects

ASN33480 (WEBWERKSAS1, US)
PTR: fapp1.netcore.co.in

trk.pepisandbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.67.191.199 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

meheff.sophiaworld.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mejeff.sophiaworld.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mqscrp.sophiaworld.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jrhte.sophiaworld.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
krvetbr.sophiaworld.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sophiaworld.net 2 redirects meheff.sophiaworld.net mejeff.sophiaworld.net mqscrp.sophiaworld.net jrhte.sophiaworld.net krvetbr.sophiaworld.net	280 KB
1	pepisandbox.com 1 redirects trk.pepisandbox.com	339 B
15	2

	Domain	Requested by
5	jrhte.sophiaworld.net	mqscrp.sophiaworld.net jrhte.sophiaworld.net
2	mqscrp.sophiaworld.net	jrhte.sophiaworld.net
1	krvetbr.sophiaworld.net	mqscrp.sophiaworld.net
1	mejeff.sophiaworld.net	1 redirects jrhte.sophiaworld.net
1	meheff.sophiaworld.net	1 redirects
1	trk.pepisandbox.com	1 redirects
15	6

This site contains no links.

Subject Issuer	Validity	Valid
sophiaworld.net GTS CA 1P5	`2024-03-18` - `2024-06-16`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w&sso_reload=true
Frame ID: 9906058F1D34920F6AE74020C447B77B
Requests: 14 HTTP requests in this frame

Frame: https://mejeff.sophiaworld.net/owa/prefetch.aspx
Frame ID: ACEC134DA601551574E912F1CC72BAB1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://trk.pepisandbox.com/rdz?id=155762=MEwIVwMCBAFRRUYQRhIVQRVCExkZGEIRFBVBF0QRRURFEBhGFhcTF0MZRhBGEh... HTTP 302
https://meheff.sophiaworld.net/o365?email=christopher.allan@rpro.tech HTTP 302
https://mejeff.sophiaworld.net/owa/ HTTP 302
https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL
https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL

Page Statistics

15
Requests

53 %
HTTPS

0 %
IPv6

2
Domains

6
Subdomains

2
IPs

2
Countries

277 kB
Transfer

1012 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://trk.pepisandbox.com/rdz?id=155762=MEwIVwMCBAFRRUYQRhIVQRVCExkZGEIRFBVBF0QRRURFEBhGFhcTF0MZRhBGEhVBFVJPWlFKC0JAWhFfAUNLBQlcWQh2RUNFDBcSVQVaSVACUwMIAQpVBwYHVg5XCVddGVhMEkYNHBgXSw0eFldFCEYDXV1bVxofV1oMGBZVH1sMVEQQBQ== HTTP 302
https://meheff.sophiaworld.net/o365?email=christopher.allan@rpro.tech HTTP 302
https://mejeff.sophiaworld.net/owa/ HTTP 302
https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w Page URL
https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://trk.pepisandbox.com/rdz?id=155762=MEwIVwMCBAFRRUYQRhIVQRVCExkZGEIRFBVBF0QRRURFEBhGFhcTF0MZRhBGEhVBFVJPWlFKC0JAWhFfAUNLBQlcWQh2RUNFDBcSVQVaSVACUwMIAQpVBwYHVg5XCVddGVhMEkYNHBgXSw0eFldFCEYDXV1bVxofV1oMGBZVH1sMVEQQBQ== HTTP 302
https://meheff.sophiaworld.net/o365?email=christopher.allan@rpro.tech HTTP 302
https://mejeff.sophiaworld.net/owa/ HTTP 302
https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	authorize mqscrp.sophiaworld.net/common/oauth2/ Redirect Chain http://trk.pepisandbox.com/rdz?id=155762=MEwIVwMCBAFRRUYQRhIVQRVCExkZGEIRFBVBF0QRRURFEBhGFhcTF0MZRhBGEhVBFVJPWlFKC0JAWhFfAUNLBQlcWQh2RUNFDBcSVQVaSVACUwMIAQpVBwYHVg5XCVddGVhMEkYNHBgXSw0eFldFCEYDXV1b... https://meheff.sophiaworld.net/o365?email=christopher.allan@rpro.tech https://mejeff.sophiaworld.net/owa/ https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-0000...	21 KB 10 KB	1222ms 976ms	Document text/html	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 866591c67984a87a-SYD content-encoding br content-type text/html; charset=utf-8 date Mon, 18 Mar 2024 13:29:04 GMT expires -1 nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]} server cloudflare vary Accept-Encoding x-ms-ests-server 2.1.17573.4 - NEULR1 ProdSlices x-ms-request-id 03290fe0-ba1e-469b-bf27-901b00612600 Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 866591bdbe50a87a-SYD content-type text/html; charset=utf-8 date Mon, 18 Mar 2024 13:29:03 GMT location https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w nel {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} p3p CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" report-to {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=AMS&RemoteIP=2602:fa08:20::"}],"include_subdomains":true} request-id 595ba279-c4d7-9167-beed-1a0dd4396de9 server cloudflare x-backend-begin 2024-03-18T13:29:03.060 x-backend-end 2024-03-18T13:29:03.060 x-backendhttpstatus 302 302 x-beserver AS8P250MB0249 x-besku WCS7 x-calculatedbetarget AS8P250MB0249.EURP250.PROD.OUTLOOK.COM x-calculatedfetarget AS9PR06CU001.internal.outlook.com x-diaginfo AS8P250MB0249 x-feefzinfo AMS x-feproxyinfo AM9P250CA0018.EURP250.PROD.OUTLOOK.COM x-feserver AS9PR06CA0002 AM9P250CA0018 x-firsthopcafeefz AMS x-iids 0 x-owa-diagnosticsinfo 1;0;0 x-proxy-backendserverstatus 302 x-proxy-routingcorrectness 1 x-rum-notupdatequerieddbcopy 1 x-rum-notupdatequeriedpath 1 x-rum-validated 1 x-ua-compatible IE=EmulateIE7
GET H2	200	BssoInterrupt_Core_GW4zPEKtwiiwtRHaCqGPVw2.js jrhte.sophiaworld.net/shared/1.0/content/js/	138 KB 50 KB	118ms 14ms	Script application/x-javascript	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jrhte.sophiaworld.net/shared/1.0/content/js/BssoInterrupt_Core_GW4zPEKtwiiwtRHaCqGPVw2.js Requested by Host: mqscrp.sophiaworld.net URL: https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer https://mqscrp.sophiaworld.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 18 Mar 2024 13:29:05 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1234 x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Thu, 15 Feb 2024 19:13:24 GMT server cloudflare x-azure-ref 20240318T130830Z-1gcse90awx3xr8nnvyv2hz1q8000000006pg00000000n2c2 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UDWYoYwiCIhPuXI6mxyax0LS7r6dgqubrs8Ik5MYw1DwSmhKXBlWQUSczSkmsP6eArEROHS5iQYi8%2BcUsrgUIZrxRr4oKCmqcon0W%2FcYflCkfT8l%2BPHY%2Fh1Xm9fKVN4F6fXAPr9joOY%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id b997b50d-901e-001f-56a6-75dca3000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 866591cf0c6aa87a-SYD
GET H2	200	Primary Request authorize Show response mqscrp.sophiaworld.net/common/oauth2/	38 KB 16 KB	913ms 912ms	Document text/html	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w&sso_reload=true Requested by Host: jrhte.sophiaworld.net URL: https://jrhte.sophiaworld.net/shared/1.0/content/js/BssoInterrupt_Core_GW4zPEKtwiiwtRHaCqGPVw2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3ddda3fccdffb5a9e914b9bd82ab1f5379ad4b83edecb22717dfaa8bf088f2e0` Request headers Referer https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 866591cffcb0a87a-SYD content-encoding br content-type text/html; charset=utf-8 date Mon, 18 Mar 2024 13:29:06 GMT expires -1 link <https://aadcdn.msauth.net>; rel=preconnect; crossorigin <https://aadcdn.msauth.net>; rel=dns-prefetch <https://aadcdn.msftauth.net>; rel=dns-prefetch nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]} server cloudflare vary Accept-Encoding x-dns-prefetch-control on x-ms-ests-server 2.1.17573.4 - NEULR1 ProdSlices x-ms-request-id 2075846d-63e7-40dd-b732-355ba5df2300
GET H2	200	Me.htm krvetbr.sophiaworld.net/	0 0	1413ms 1309ms	Other text/html	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://krvetbr.sophiaworld.net/Me.htm?v=3 Requested by Host: mqscrp.sophiaworld.net URL: https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w&sso_reload=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer https://mqscrp.sophiaworld.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers
GET H2	200	converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css jrhte.sophiaworld.net/ests/2.1/content/cdnbundles/	110 KB 20 KB	1747ms 1746ms	Stylesheet text/css	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jrhte.sophiaworld.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css Requested by Host: mqscrp.sophiaworld.net URL: https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w&sso_reload=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41` Request headers accept-language en-AU,en;q=0.9 Referer https://mqscrp.sophiaworld.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 18 Mar 2024 13:29:08 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Wed, 27 Dec 2023 18:18:12 GMT server cloudflare x-azure-ref 20240318T132907Z-1x5cktsmnh5bm8b4q1ure7t87800000004f000000000c0bb report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ftUt7A7fnMwad71GCpzYPWHFXiSzGP3qti8m%2BWvthPzI%2FjDv%2B4AF7syCDLRfdBvaeGuxR3ydyyq%2FgXpRbahD028%2FWKsRGAe%2FRmE%2F8niA4oCi5lhhxeKc9M2TtkO7GQBjWwyAsfdCJzA%3D"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * x-ms-request-id a42f4456-e01e-0078-4065-764f8f000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 866591d92828a87a-SYD
GET H2	200	ConvergedLogin_PCore_Hl2bk1L3qQZ3wvMD_PMo5Q2.js Show response jrhte.sophiaworld.net/shared/1.0/content/js/	433 KB 114 KB	2477ms 2476ms	Script application/x-javascript	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jrhte.sophiaworld.net/shared/1.0/content/js/ConvergedLogin_PCore_Hl2bk1L3qQZ3wvMD_PMo5Q2.js Requested by Host: mqscrp.sophiaworld.net URL: https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w&sso_reload=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2a310980366e4aec64c7f1e74b45ba7cd73b49ac1839825c8b69bcbc0c4e327c` Request headers accept-language en-AU,en;q=0.9 Referer https://mqscrp.sophiaworld.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 18 Mar 2024 13:29:09 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Tue, 27 Feb 2024 20:32:40 GMT server cloudflare x-azure-ref 20240318T132907Z-y4939yktah0e7c0nd6mv5t2k8s00000004dg00000000029w report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkSmOEV8PZomB3SC5t5nayEVqfsD%2BLkYP4N59di5Hy32dI6HY6jYjL%2B9N5qGO9%2FtTHjEhOiqO%2FrsN3friXcKi%2Blya4UzydIyuh2H19UiKXGQbGrLTkAdoyaDFcqtPfpGM4mkbLF36s8%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id d3cb8580-a01e-0040-6aff-76368f000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 866591d9282ba87a-SYD
GET H2	200	ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js Show response jrhte.sophiaworld.net/ests/2.1/content/cdnbundles/	54 KB 16 KB	1554ms 1554ms	Script application/x-javascript	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jrhte.sophiaworld.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js Requested by Host: mqscrp.sophiaworld.net URL: https://mqscrp.sophiaworld.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=595ba279-c4d7-9167-beed-1a0dd4396de9&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9&state=DYsxFoAgDMWKPo9Tqf5S8DgIdnX0-nZIMiUR0RosQZIQVUNTgxUoxOSsB_bpFrHBj6uxije-fYBnL0_17ih-pXi3_H49_w&sso_reload=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `30ff8ef06932efa5ba690bf160eea1fc719d3f2a3d756bd3a9b4c837f7220b0c` Request headers accept-language en-AU,en;q=0.9 Referer https://mqscrp.sophiaworld.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 18 Mar 2024 13:29:08 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Sat, 17 Feb 2024 05:09:10 GMT server cloudflare x-azure-ref 20240318T132907Z-y4939yktah0e7c0nd6mv5t2k8s00000004dg00000000029x report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUYoc7Qj0T%2FNw%2BTofKyOXx%2FhGDL%2BI31fhtrrUzI5pO8h3WHXJnb20F%2Bb1lqvECsoy9fq6I7kkXvrmS3VzjXEOVI7sww%2BCMMF%2FOpCaq40Ndyri7J8B%2FBzxUVdG6kOlxF6eKNu%2F%2BbuliI%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 8295ccf6-701e-0011-33f8-767ebe000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 866591d9282da87a-SYD
GET H2	200	convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js Show response jrhte.sophiaworld.net/shared/1.0/content/js/asyncchunk/	219 KB 51 KB	15ms 14ms	Script application/x-javascript	172.67.191.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jrhte.sophiaworld.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js Requested by Host: jrhte.sophiaworld.net URL: https://jrhte.sophiaworld.net/shared/1.0/content/js/ConvergedLogin_PCore_Hl2bk1L3qQZ3wvMD_PMo5Q2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.191.199 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `df2e852c347ecf82f70a0c8a4b91713fbb0914d58f2cbab01316bfe646abee7c` Request headers accept-language en-AU,en;q=0.9 Referer https://mqscrp.sophiaworld.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Mon, 18 Mar 2024 13:29:09 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1230 x-cache TCP_HIT x-fd-int-roxy-purgeid 4554691 alt-svc h3=":443"; ma=86400 x-ms-lease-status unlocked last-modified Thu, 15 Feb 2024 19:13:15 GMT server cloudflare x-azure-ref 20240318T130839Z-1gcse90awx3xr8nnvyv2hz1q8000000006pg00000000n317 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F55tu2tg%2F%2FJDwLANWWuKxryE0aNWJ9R10NFA5zS4aNcwwz4J82P9oa1Euju1WFr8BltCxKjVJuPRygNfyThe%2BUy1T3v4CCJzi71T9YeN5B81PYbQmHwKTYfbSvEZBONZPat1L5%2BzeaE%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * x-ms-request-id 0e88ef56-a01e-0014-7b68-75f9b4000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 vary Accept-Encoding cf-ray 866591e8edd2a87a-SYD
GET		prefetch.aspx mejeff.sophiaworld.net/owa/ Frame ACEC	0 0

GET		49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg jrhte.sophiaworld.net/shared/1.0/content/images/appbackgrounds/	0 0

GET		49_6ffe0a92d779c878835b40171ffc2e13.jpg jrhte.sophiaworld.net/shared/1.0/content/images/appbackgrounds/	0 0

GET		53_7a3c80bf9694448bac31a9589d2e9e92.png jrhte.sophiaworld.net/shared/1.0/content/images/applogos/	0 0

GET		microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg jrhte.sophiaworld.net/shared/1.0/content/images/	0 0

GET		convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js jrhte.sophiaworld.net/shared/1.0/content/js/asyncchunk/	0 0

GET		signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg jrhte.sophiaworld.net/shared/1.0/content/images/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mejeff.sophiaworld.net
URL: https://mejeff.sophiaworld.net/owa/prefetch.aspx

Domain: jrhte.sophiaworld.net
URL: https://jrhte.sophiaworld.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg

Domain: jrhte.sophiaworld.net
URL: https://jrhte.sophiaworld.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg

Domain: jrhte.sophiaworld.net
URL: https://jrhte.sophiaworld.net/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png

Domain: jrhte.sophiaworld.net
URL: https://jrhte.sophiaworld.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg

Domain: jrhte.sophiaworld.net
URL: https://jrhte.sophiaworld.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js

Domain: jrhte.sophiaworld.net
URL: https://jrhte.sophiaworld.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sophiaworld.net/	1970-01-20 19:12:52	Name: Vrpv Value: 51f8524d1cead0d13ff3800b374645c96f4429a648e6491c543b879f523c94f3
mejeff.sophiaworld.net/	1970-01-21 03:58:24	Name: ClientId Value: 6272758757164D56A4E49710CA8A2476
mejeff.sophiaworld.net/	1970-01-20 23:37:46	Name: OIDC Value: 1
mejeff.sophiaworld.net/	1970-01-20 19:12:52	Name: OpenIdConnect.nonce.v3.B_LeeeptAfSQ9Ybr9LZy9jzZUu-C1WEF_7vevEVs5gQ Value: 638463653430602713.df67136c-ef46-40f8-bfc3-da5e7faf35f9
mejeff.sophiaworld.net/	1970-01-20 19:13:10	Name: X-OWA-RedirectHistory Value: ArLym14B2au6YE9H3Ag
.mqscrp.sophiaworld.net/	1969-12-31 23:59:59	Name: esctx-rnYpTqtRoZM Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8ZlFD5Xf97xRzcJmBfjtI_49x2O3N7n9g3hg1NyNRPfab7JBRWzUDBL0kBf8SRpwT1HxiXxH0GVPdwVsBqt_IBegkPsHaAS65jv666xnNYK-ZO0AOGzcSEXNkmtd4RPlmMZBtbnZ9eii2OylVHTJghyAA
mqscrp.sophiaworld.net/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
mqscrp.sophiaworld.net/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.mqscrp.sophiaworld.net/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
mqscrp.sophiaworld.net/	1970-01-20 19:12:48	Name: SSOCOOKIEPULLED Value: 1
mqscrp.sophiaworld.net/	1970-01-20 19:56:00	Name: buid Value: 0.AUsAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8Lxep63IBZA1ZGcujfiXbFczu5MAwHfrZ8WoS9acOnwM-kKJHQxWUKM5uWI-NRzhFL7RwJXi7GpLfhGls1aIKHEjtZpRIfL-eRPEMr5o1w5kgAA
.mqscrp.sophiaworld.net/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8O7fI6X6kl63ToAYw61RTeK09VaPfre0u1GptLaIEPIMP0P8G4IVLDULmBcczfrZN2EMOt2NO4-6tfqxINtSC_M8abVTNFaJm-YEnabbZ8FzROI73qBi6Fq5IATwYUnlGX99J80QzTulDWLdYPkLJV4hfrNBsy59hG35ZZMtomL8gAA
.mqscrp.sophiaworld.net/	1969-12-31 23:59:59	Name: esctx-fFkzLxmJTiU Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8Cq9slD3K1HOmA2Lbn5PgbfR3MtJbfLtSMiYZJ0CHLQ8EPf6B7mTcSlb9NThZOBnhGv-v9X9SzK8M96hPibq5QbC-OUdG85SCzDLX5xlv-m2GL3pLhvy6Z7h-qGGMPbd9xFekDaIr49-fkRibJrmkDSAA
mqscrp.sophiaworld.net/	1970-01-20 19:56:00	Name: fpc Value: Amx-6vXZ9QdMjEpR0sL7E1yerOTJAQAAAKE4it0OAAAA
.krvetbr.sophiaworld.net/	1969-12-31 23:59:59	Name: uaid Value: 3ba49b13cd574c8b81406fa038f2aa1b
.krvetbr.sophiaworld.net/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1710768547&co=1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jrhte.sophiaworld.net
krvetbr.sophiaworld.net
meheff.sophiaworld.net
mejeff.sophiaworld.net
mqscrp.sophiaworld.net
trk.pepisandbox.com
jrhte.sophiaworld.net
mejeff.sophiaworld.net
172.67.191.199
202.162.242.179
2a310980366e4aec64c7f1e74b45ba7cd73b49ac1839825c8b69bcbc0c4e327c
30ff8ef06932efa5ba690bf160eea1fc719d3f2a3d756bd3a9b4c837f7220b0c
3ddda3fccdffb5a9e914b9bd82ab1f5379ad4b83edecb22717dfaa8bf088f2e0
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41
df2e852c347ecf82f70a0c8a4b91713fbb0914d58f2cbab01316bfe646abee7c

mqscrp.sophiaworld.net Open in urlscan Pro 172.67.191.199 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

15 Requests

53 %HTTPS

0 %IPv6

2 Domains

6 Subdomains

2 IPs

2 Countries

277 kBTransfer

1012 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

16 Cookies

Indicators

mqscrp.sophiaworld.net Open in urlscan Pro
172.67.191.199 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

53 %
HTTPS

0 %
IPv6

2
Domains

6
Subdomains

2
IPs

2
Countries

277 kB
Transfer

1012 kB
Size

16
Cookies

15 HTTP transactions
0 data transactions