mso.918b.ml - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 3 HTTP transactions. The main IP is 204.44.125.124, located in San Antonio, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is mso.918b.ml.
TLS certificate: Issued by R3 on July 29th 2022. Valid for: 3 months.

This is the only time mso.918b.ml was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2600:9000:223... 2600:9000:223d:8e00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2 5	204.44.125.124 204.44.125.124	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
3	1

1 2600:9000:223d:8e00:19:9934:6a80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

yd7ki9sh.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 204.44.125.124 (San Antonio, United States) 2 redirects

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 204.44.125.124.static.quadranet.com

mso.918b.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wwwofc.918b.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	918b.ml 2 redirects mso.918b.ml wwwofc.918b.ml	24 KB
1	app.link 1 redirects yd7ki9sh.app.link	451 B
3	2

	Domain	Requested by
4	mso.918b.ml	1 redirects mso.918b.ml
1	wwwofc.918b.ml	1 redirects
1	yd7ki9sh.app.link	1 redirects
3	3

This site contains no links.

Subject Issuer	Validity	Valid
918b.ml R3	`2022-07-29` - `2022-10-27`	3 months	crt.sh

This page contains 1 frames:

Frame: https://mso.918b.ml/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.918b.ml%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.918b.ml%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637947175491887545.OWViOWVlMWQtOTEyMy00MmI4LWE5OTgtNjQ4ZDE5OWUyOTJlYmNkZmNhNTgtNDBkOS00MGU4LWEyZjQtMmI4MzVmMmY0NmEw&ui_locales=de-DE&mkt=de-DE&state=ACWSSsRxeqObDT6S0tiIj5-3iA0cBoqiIAat3d1Pm3gZbsGhurIcIBVHdc-vTRNFQASxM49KxqEeC1X0akUecwSmDBHgw8Xku8L0ejBZA0mknQQXBSz0PRMtPSjd72JI15wEmSigylmabrIYXT85fGQd99J7mZshEOYFh0CRvmQmZPe1xFJAtMVp5Y8dCObPt78Db_2AEMUALMasxXFpDlkk_6TqToCmwy0AFGQGkRywNeggpXiyQa43QuDBO8Ni8ltqYgXi-bOJ9_F2UfYJnw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0
Frame ID: CF19D17B2FB97447466CE725D809DBE2
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://yd7ki9sh.app.link/ HTTP 307
https://mso.918b.ml/ Page URL

Page Statistics

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

1
IPs

1
Countries

22 kB
Transfer

56 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://yd7ki9sh.app.link/ HTTP 307
https://mso.918b.ml/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://mso.918b.ml/ HTTP 302
https://wwwofc.918b.ml/login HTTP 302
https://mso.918b.ml/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.918b.ml%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.918b.ml%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637947175491887545.OWViOWVlMWQtOTEyMy00MmI4LWE5OTgtNjQ4ZDE5OWUyOTJlYmNkZmNhNTgtNDBkOS00MGU4LWEyZjQtMmI4MzVmMmY0NmEw&ui_locales=de-DE&mkt=de-DE&state=ACWSSsRxeqObDT6S0tiIj5-3iA0cBoqiIAat3d1Pm3gZbsGhurIcIBVHdc-vTRNFQASxM49KxqEeC1X0akUecwSmDBHgw8Xku8L0ejBZA0mknQQXBSz0PRMtPSjd72JI15wEmSigylmabrIYXT85fGQd99J7mZshEOYFh0CRvmQmZPe1xFJAtMVp5Y8dCObPt78Db_2AEMUALMasxXFpDlkk_6TqToCmwy0AFGQGkRywNeggpXiyQa43QuDBO8Ni8ltqYgXi-bOJ9_F2UfYJnw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response mso.918b.ml/ Redirect Chain https://yd7ki9sh.app.link/ https://mso.918b.ml/	56 KB 21 KB	1253ms 369ms	Document text/html	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://mso.918b.ml/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software nginx/1.21.6 / Resource Hash `9403fe5c40ffff44f22abd61a7613e8252081ca29e342aedc98c7df3eec2a49e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * content-encoding gzip content-type text/html; charset=utf-8 date Fri, 29 Jul 2022 18:52:25 GMT server nginx/1.21.6 vary Accept-Encoding Redirect headers date Fri, 29 Jul 2022 18:52:24 GMT last-modified Fri, 29 Jul 2022 18:52:24 GMT location https://mso.918b.ml/ server openresty strict-transport-security max-age=31536000; includeSubDomains via 1.1 bfad099b4e1fa2ec7d21876e0293dc20.cloudfront.net (CloudFront) x-amz-cf-id 2KP2dNdFNGHWOsYAlkaU4Z9aVbehyOZiwqbJZ0OOAdaNxRkjYEva7Q== x-amz-cf-pop FRA56-P3 x-cache Miss from cloudfront
POST H2	200	/ Show response mso.918b.ml/	180 B 346 B	380ms 380ms	Fetch application/json	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://mso.918b.ml/ Requested by Host: mso.918b.ml URL: https://mso.918b.ml/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software nginx/1.21.6 / Resource Hash `67f050d9fb604a2e3dfb5555dceb47efeb27df1d619537cc90e37778199c867b` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Content-Type application/json Response headers access-control-allow-origin * date Fri, 29 Jul 2022 18:52:26 GMT content-encoding gzip server nginx/1.21.6 access-control-allow-headers * vary Accept-Encoding content-type application/json
GET H2	200	authorize mso.918b.ml/common/oauth2/v2.0/ Redirect Chain https://mso.918b.ml/ https://wwwofc.918b.ml/login https://mso.918b.ml/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.918b.ml%2Flandingv2&response_type=code%20id_token&scope=openid%20pr...	0 0	1634ms 1634ms	Document text/html	204.44.125.124 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://mso.918b.ml/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.918b.ml%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.918b.ml%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637947175491887545.OWViOWVlMWQtOTEyMy00MmI4LWE5OTgtNjQ4ZDE5OWUyOTJlYmNkZmNhNTgtNDBkOS00MGU4LWEyZjQtMmI4MzVmMmY0NmEw&ui_locales=de-DE&mkt=de-DE&state=ACWSSsRxeqObDT6S0tiIj5-3iA0cBoqiIAat3d1Pm3gZbsGhurIcIBVHdc-vTRNFQASxM49KxqEeC1X0akUecwSmDBHgw8Xku8L0ejBZA0mknQQXBSz0PRMtPSjd72JI15wEmSigylmabrIYXT85fGQd99J7mZshEOYFh0CRvmQmZPe1xFJAtMVp5Y8dCObPt78Db_2AEMUALMasxXFpDlkk_6TqToCmwy0AFGQGkRywNeggpXiyQa43QuDBO8Ni8ltqYgXi-bOJ9_F2UfYJnw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0 Requested by Host: mso.918b.ml URL: https://mso.918b.ml/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 204.44.125.124 San Antonio, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS 204.44.125.124.static.quadranet.com Software nginx/1.21.6 / Resource Hash Request headers Referer https://mso.918b.ml/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-headers * access-control-allow-origin * cache-control no-store, no-cache content-encoding gzip content-type text/html; charset=utf-8 date Fri, 29 Jul 2022 18:52:30 GMT nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} p3p CP="DSP CUR OTPi IND OTRi ONL FIN" pragma no-cache referrer-policy strict-origin-when-cross-origin report-to {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity-nel-measure-office-b854f595.918b.ml/api/report?catId=GW+estsfd+dub2"}]} server nginx/1.21.6 vary Accept-Encoding Accept-Encoding x-ms-clitelem 1,50168,0,, x-ms-ests-server 2.1.13355.6 - NEULR1 ProdSlices x-ms-request-id 088ef339-87ee-4e77-a39a-000e28536f00 Redirect headers access-control-allow-headers * access-control-allow-origin * content-type text/html; charset=utf-8 date Fri, 29 Jul 2022 18:52:29 GMT location https://mso.918b.ml/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwwwofc.918b.ml%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwwwofc.918b.ml%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=637947175491887545.OWViOWVlMWQtOTEyMy00MmI4LWE5OTgtNjQ4ZDE5OWUyOTJlYmNkZmNhNTgtNDBkOS00MGU4LWEyZjQtMmI4MzVmMmY0NmEw&ui_locales=de-DE&mkt=de-DE&state=ACWSSsRxeqObDT6S0tiIj5-3iA0cBoqiIAat3d1Pm3gZbsGhurIcIBVHdc-vTRNFQASxM49KxqEeC1X0akUecwSmDBHgw8Xku8L0ejBZA0mknQQXBSz0PRMtPSjd72JI15wEmSigylmabrIYXT85fGQd99J7mZshEOYFh0CRvmQmZPe1xFJAtMVp5Y8dCObPt78Db_2AEMUALMasxXFpDlkk_6TqToCmwy0AFGQGkRywNeggpXiyQa43QuDBO8Ni8ltqYgXi-bOJ9_F2UfYJnw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.12.1.0 referrer-policy strict-origin-when-cross-origin request-context appId= server nginx/1.21.6 vary Accept-Encoding x-cache CONFIG_NOCACHE x-msedge-ref Ref A: BE3955E5D67B4F47B99D915EEB75FF93 Ref B: EWR311000101047 Ref C: 2022-07-29T18:52:29Z x-ua-compatible IE=edge,chrome=1

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.app.link/	1970-01-20 13:37:36	Name: _s Value: ghrC89%2FkBnnIkZa4qep9B6LXz2EimLTVUbfYg4e7m08duXCMmwQflgbkVJlQ2prp
			.918b.ml/	1970-01-20 05:13:36	Name: __25Kt Value: Yjg1NGY1OTUtNmM4ZC00ZTBkLTk1MTItYzU2YjA2OTFiYmQ0OmIyYjRjNGNhLWEwYWUtNDYwNS1hZTExLWQ5NGNjYmUyMTVmOA==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mso.918b.ml
wwwofc.918b.ml
yd7ki9sh.app.link
204.44.125.124
2600:9000:223d:8e00:19:9934:6a80:93a1
67f050d9fb604a2e3dfb5555dceb47efeb27df1d619537cc90e37778199c867b
9403fe5c40ffff44f22abd61a7613e8252081ca29e342aedc98c7df3eec2a49e

mso.918b.ml Open in urlscan Pro 204.44.125.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

3 Requests

100 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

1 IPs

1 Countries

22 kBTransfer

56 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

2 Cookies

Indicators

mso.918b.ml Open in urlscan Pro
204.44.125.124 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

1
IPs

1
Countries

22 kB
Transfer

56 kB
Size

2
Cookies

3 HTTP transactions
0 data transactions