onedrive.live.com
Open in
urlscan Pro
13.107.139.11
Public Scan
Effective URL: https://onedrive.live.com/login/
Submission Tags: @phish_report
Submission: On February 10 via api from FI — Scanned from NZ
Summary
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on August 6th 2023. Valid for: a year.
This is the only time onedrive.live.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 168.119.151.97 168.119.151.97 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 2 | 13.107.139.11 13.107.139.11 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
4 | 2600:1415:11:... 2600:1415:11::1737:f2d3 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
11 | 52.109.56.91 52.109.56.91 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 20.42.73.27 20.42.73.27 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
18 | 4 |
ASN24940 (HETZNER-AS, DE)
PTR: rlx11.loginserver.ch
one.novotny.tv |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
onedrive.live.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.pipe.aria.microsoft.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
live.com
1 redirects
onedrive.live.com — Cisco Umbrella Rank: 1439 odc.officeapps.live.com — Cisco Umbrella Rank: 210 |
110 KB |
4 |
office.net
res-1.cdn.office.net — Cisco Umbrella Rank: 299 |
53 KB |
2 |
microsoft.com
browser.pipe.aria.microsoft.com — Cisco Umbrella Rank: 178 |
320 B |
1 |
novotny.tv
1 redirects
one.novotny.tv |
257 B |
18 | 4 |
Domain | Requested by | |
---|---|---|
11 | odc.officeapps.live.com |
res-1.cdn.office.net
odc.officeapps.live.com |
4 | res-1.cdn.office.net |
onedrive.live.com
res-1.cdn.office.net |
2 | browser.pipe.aria.microsoft.com |
res-1.cdn.office.net
|
2 | onedrive.live.com | 1 redirects |
1 | one.novotny.tv | 1 redirects |
18 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
onedrive.com Microsoft Azure TLS Issuing CA 02 |
2023-08-06 - 2024-06-27 |
a year | crt.sh |
*.res.outlook.com DigiCert SHA2 Secure Server CA |
2023-04-17 - 2024-04-17 |
a year | crt.sh |
odc.officeapps.live.com Microsoft Azure RSA TLS Issuing CA 04 |
2023-12-03 - 2024-11-27 |
a year | crt.sh |
*.events.data.microsoft.com Microsoft Azure RSA TLS Issuing CA 04 |
2023-12-31 - 2024-12-25 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://onedrive.live.com/login/
Frame ID: 68423DFAC601A98AED7CC0ED305677C3
Requests: 7 HTTP requests in this frame
Frame:
https://odc.officeapps.live.com/odc/v2.0/hrd?rs=en-NZ&Ver=16&app=23&p=6&hm=0
Frame ID: 4C37E3896E8A24EDEE0E65BF8E8D1C1E
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Sign in - Microsoft OneDrivePage URL History Show full URLs
-
http://one.novotny.tv/
HTTP 301
https://onedrive.live.com/about/de-at/signin/ HTTP 302
https://onedrive.live.com/login/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://one.novotny.tv/
HTTP 301
https://onedrive.live.com/about/de-at/signin/ HTTP 302
https://onedrive.live.com/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
onedrive.live.com/login/ Redirect Chain
|
41 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
plt.resx-plt.js
res-1.cdn.office.net/files/odsp-web-prod_2024-01-12.008/odcsignin.manifest/en-us/ |
617 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
plt.odsp-common.js
res-1.cdn.office.net/files/odsp-web-prod_2024-01-12.008/odcsignin.manifest/ |
126 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
odcsignin.js
res-1.cdn.office.net/files/odsp-web-prod_2024-01-12.008/odcsignin.manifest/ |
16 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0.js
res-1.cdn.office.net/files/odsp-web-prod_2024-01-12.008/odcsignin.manifest/ |
51 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd
odc.officeapps.live.com/odc/v2.0/ Frame 4C37 |
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
browser.pipe.aria.microsoft.com/Collector/3.0/ |
0 263 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd.css
odc.officeapps.live.com/odc/stat/ Frame 4C37 |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo.svg
odc.officeapps.live.com/odc/stat/images/hrd/ Frame 4C37 |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker-account-aad.svg
odc.officeapps.live.com/odc/stat/images/hrd/ Frame 4C37 |
756 B 860 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
picker-account-msa.svg
odc.officeapps.live.com/odc/stat/images/hrd/ Frame 4C37 |
379 B 481 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.12.4.1.min.js
odc.officeapps.live.com/odc/stat/ Frame 4C37 |
95 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
knockout-3.4.2.js
odc.officeapps.live.com/odc/stat/ Frame 4C37 |
59 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CommonDiagnostics.js
odc.officeapps.live.com/odc/stat/ Frame 4C37 |
40 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jsonstrings
odc.officeapps.live.com/odc/ Frame 4C37 |
3 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hrd.min.js
odc.officeapps.live.com/odc/stat/ Frame 4C37 |
16 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Background-blurryGradient.svg
odc.officeapps.live.com/odc/stat/images/hrd/ Frame 4C37 |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
browser.pipe.aria.microsoft.com/Collector/3.0/ |
0 57 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| $B object| $CJ object| Flight function| requirejs function| require function| define function| es6-symbol function| ES6Promise object| $Config object| FilesConfig object| InviteConfig string| __odsp_culture number| g_responseEnd string| backupBaseUrl object| failOverState object| corsMatch function| processConfigToSupportFailOver object| __cdnFailOverState object| odspNextWebpackJsonp function| __debugSetKillSwitch object| ODSP_TELEMETRY_MANAGER object| _perfMarks object| __themeState__ function| __onbeforeunload object| __events__ object| __debugLoggerContext4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.live.com/ | Name: xid Value: 86bc3498-0eff-49a6-9381-f073a5188d7e&&ODSP-ODWEB-ODCF&74 |
|
.live.com/ | Name: E Value: P:LqeGSB4q3Ig=:GaoPW78w6ZdZmt1pu2Iudx01Wia03epy9Y0/t6e2ZBM=:F |
|
.live.com/ | Name: xidseq Value: 2 |
|
.live.com/ | Name: wla42 Value: |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
browser.pipe.aria.microsoft.com
odc.officeapps.live.com
one.novotny.tv
onedrive.live.com
res-1.cdn.office.net
13.107.139.11
168.119.151.97
20.42.73.27
2600:1415:11::1737:f2d3
52.109.56.91
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
16c60cd6aff6a6febabbc48e9b7692a9c3b369d12d31749f8117d6d0851d5296
1a4117085d85beef199e03ef99af6d9a478a8fc5a166be424eed9b118badb4f7
21f73978ff7de72a49d0df7512d53505691f9618862361735a9428b18b576096
34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486
351b0f5a8e9b2218b9e4630971f2933e6b4445c60e50b6e778767b6bd7f4617c
3ac82b5a773ea82258a30c60d277acffa832ce446397fcb6abf39726c4330fb5
3ec654e08313d07ef755c2764579afa6ccc08d699f2008ac531740edc20ed8cc
5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
773a678845579e6334f19d4e62f29446e7898bd816359c74574e37884503f909
82b66e448d7ef55f73f53a1094167102f115f85c678d0338c817b50698495c4d
90aeeddafbf0fd89c739cf34c85c8469b324a8d0e7d2648d2df1556c70cc0e70
a2dbc31b0b7ee5879eb5a391362d7e3f16d5634038511740a12248cb7a9ffe61
a305fbb2ba223bf3b56bb8776b85f6f40d60dd082a74dbe28d143b5794c7e393
bcb99a12475ddcc9f71447eb321f881eb50d405b86132eadaff7985019e0691b
d86e263c3396f7dbec8ded34c64450139d016d982acb7e5c2fe64c9cbfd045d2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855