mso.mscenter-exchangeprotect.ml Open in urlscan Pro
204.44.125.124 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true
Effective URL:
https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true
Submission Tags: falconsandbox
Submission: On July 28 via api (July 28th 2022, 6:54:04 am UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 204.44.125.124, located in San Antonio, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is mso.mscenter-exchangeprotect.ml.
TLS certificate: Issued by R3 on July 27th 2022. Valid for: 3 months.

This is the only time mso.mscenter-exchangeprotect.ml was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 6	204.44.125.124 204.44.125.124		8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
11	2

6 204.44.125.124 (San Antonio, United States) 1 redirects

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.44.125.124.static.quadranet.com

mso.mscenter-exchangeprotect.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
login.mscenter-exchangeprotect.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	mscenter-exchangeprotect.ml 1 redirects mso.mscenter-exchangeprotect.ml login.mscenter-exchangeprotect.ml aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml Failed	213 KB
11	1

	Domain	Requested by
4	mso.mscenter-exchangeprotect.ml	1 redirects mso.mscenter-exchangeprotect.ml
1	aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml	mso.mscenter-exchangeprotect.ml aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
1	login.mscenter-exchangeprotect.ml	mso.mscenter-exchangeprotect.ml
0	portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml Failed	aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
11	4

This site contains no links.

Subject Issuer	Validity	Valid
mscenter-exchangeprotect.ml R3	`2022-07-27` - `2022-10-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true
Frame ID: 7C38EC2621986B353F3FA5D98B94C4D4
Requests: 10 HTTP requests in this frame

Frame: https://portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml/Prefetch/Prefetch.aspx
Frame ID: 4AD1FCECE29A767F1B25AE50DE064AC0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true HTTP 301
https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Page URL
https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Page URL

Page Statistics

11
Requests

45 %
HTTPS

0 %
IPv6

1
Domains

4
Subdomains

2
IPs

1
Countries

212 kB
Transfer

782 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true HTTP 301
https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Page URL
https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true HTTP 301
https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response mso.mscenter-exchangeprotect.ml/ Redirect Chain http://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true	61 KB 23 KB	572ms 376ms	Document text/html	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software nginx/1.21.6 / Resource Hash `bef6897cb728d37db6993e31b20f77a7daf33b6e233f12b560cf43a3b75568d1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * content-encoding gzip content-type text/html; charset=utf-8 date Thu, 28 Jul 2022 06:53:57 GMT server nginx/1.21.6 vary Accept-Encoding Redirect headers Connection keep-alive Content-Length 169 Content-Type text/html Date Thu, 28 Jul 2022 06:53:57 GMT Location https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Server nginx/1.21.6
POST H2	200	/ Show response mso.mscenter-exchangeprotect.ml/	200 B 357 B	380ms 380ms	Fetch application/json	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Requested by Host: mso.mscenter-exchangeprotect.ml URL: https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software nginx/1.21.6 / Resource Hash `f8921ee1de6e54e774fa6f8a2120e23fea5adf85e7bfe516261e1100af8271b5` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Content-Type application/json Response headers access-control-allow-origin * date Thu, 28 Jul 2022 06:53:58 GMT content-encoding gzip server nginx/1.21.6 access-control-allow-headers * vary Accept-Encoding content-type application/json
GET H2	200	Primary Request / Show response mso.mscenter-exchangeprotect.ml/	339 KB 81 KB	2004ms 2004ms	Document text/html	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Requested by Host: mso.mscenter-exchangeprotect.ml URL: https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software nginx/1.21.6 / Resource Hash `3b3e3cf4386eb546bcd5e6f8e289c65e42a960815dd6031f3583dbab1849f97b` Request headers Referer https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Thu, 28 Jul 2022 06:54:00 GMT nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity-nel-measure-office-a7bf1c3f.mscenter-exchangeprotect.ml/api/report?catId=GW+estsfd+dub2"}]} server nginx/1.21.6 vary Accept-Encoding Accept-Encoding x-ms-ests-server 2.1.13315.8 - SCUS ProdSlices x-ms-request-id f9a2de4a-b370-4069-8b6f-86c30bd44a00
GET H2	200	Me.htm login.mscenter-exchangeprotect.ml/	0 0	2145ms 1433ms	Other text/html	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://login.mscenter-exchangeprotect.ml/Me.htm?v=3 Requested by Host: mso.mscenter-exchangeprotect.ml URL: https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://mso.mscenter-exchangeprotect.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers
GET H2	200	ConvergedLogin_PCore_G9uLwWVLX9pFa198LIT55w2.js Show response aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/js/	382 KB 109 KB	3197ms 2160ms	Script application/x-javascript	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/js/ConvergedLogin_PCore_G9uLwWVLX9pFa198LIT55w2.js Requested by Host: mso.mscenter-exchangeprotect.ml URL: https://mso.mscenter-exchangeprotect.ml/?username=bboyce%40rivian.com&sso_reload=true Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software nginx/1.21.6 / Resource Hash `553a8c24ff59a092a18140d80a8aec7c5a6b6e41c8c198311390bcd3f8b54e47` Request headers Referer https://mso.mscenter-exchangeprotect.ml/ Origin https://mso.mscenter-exchangeprotect.ml accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Thu, 28 Jul 2022 06:54:03 GMT content-encoding gzip last-modified Tue, 05 Jul 2022 18:33:27 GMT server nginx/1.21.6 age 1794013 vary Accept-Encoding, Accept-Encoding x-cache HIT content-type application/x-javascript access-control-allow-origin * x-ms-request-id 8e6d3f76-401e-002e-4efd-91613a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19
GET		Prefetch.aspx portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml/Prefetch/ Frame 4AD1	0 0

GET		converged.v2.login.min_il46_7m1dp2y07llib10fw2.css aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/ests/2.1/content/cdnbundles/	0 0

GET		ux.converged.login.strings-de.min_75ls70pcmyowwllyhvy0uq2.js aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/ests/2.1/content/cdnbundles/	0 0

GET		convergedlogin_pidpdisambiguation_8ce138cbbb82dae8e8bf.js aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/js/asyncchunk/	0 0

GET		marching_ants_white_166de53471265253ab3a456defe6da23.gif aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/images/	0 0

GET		marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/images/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml
URL: https://portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml/Prefetch/Prefetch.aspx

Domain: aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
URL: https://aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/ests/2.1/content/cdnbundles/converged.v2.login.min_il46_7m1dp2y07llib10fw2.css

Domain: aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
URL: https://aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_75ls70pcmyowwllyhvy0uq2.js

Domain: aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
URL: https://aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_8ce138cbbb82dae8e8bf.js

Domain: aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
URL: https://aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif

Domain: aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
URL: https://aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.mscenter-exchangeprotect.ml/	1970-01-20 05:11:27	Name: __LnrD Value: YTdiZjFjM2YtMzNlMi00Yzk4LTgzNTMtMmU0MzgyMDVhZTQxOmZkMWQ4OWYyLWI4ZWUtNGZkNi05MTgxLTQxYzUzMDYxZmVmNg==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
login.mscenter-exchangeprotect.ml
mso.mscenter-exchangeprotect.ml
portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml
aadcdn-msftauth-a7bf1c3f.mscenter-exchangeprotect.ml
portal-microsoftonline-a7bf1c3f.mscenter-exchangeprotect.ml
204.44.125.124
3b3e3cf4386eb546bcd5e6f8e289c65e42a960815dd6031f3583dbab1849f97b
553a8c24ff59a092a18140d80a8aec7c5a6b6e41c8c198311390bcd3f8b54e47
bef6897cb728d37db6993e31b20f77a7daf33b6e233f12b560cf43a3b75568d1
f8921ee1de6e54e774fa6f8a2120e23fea5adf85e7bfe516261e1100af8271b5

mso.mscenter-exchangeprotect.ml Open in urlscan Pro 204.44.125.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

11 Requests

45 %HTTPS

0 %IPv6

1 Domains

4 Subdomains

2 IPs

1 Countries

212 kBTransfer

782 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

1 Cookies

Indicators

mso.mscenter-exchangeprotect.ml Open in urlscan Pro
204.44.125.124 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

45 %
HTTPS

0 %
IPv6

1
Domains

4
Subdomains

2
IPs

1
Countries

212 kB
Transfer

782 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions