onedrive.live.com
13.107.42.13  Malicious Activity! Public Scan

Submitted URL: https://hotelgrandpapua.com/xls-files/excel/wait.php
Effective URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Submission: On August 11 via manual from US

Summary

This website contacted 8 IPs in 6 countries across 7 domains to perform 21 HTTP transactions. The main IP is 13.107.42.13, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is onedrive.live.com.
TLS certificate: Issued by Microsoft IT TLS CA 2 on June 25th 2019. Valid for: 2 years.
This is the only time onedrive.live.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

Requests IP Address AS Autonomous System
4 203.80.8.102 24204 (SATNETCOM...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 13.107.42.13 8068 (MICROSOFT...)
6 2.16.186.40 20940 (AKAMAI-ASN1)
4 13.95.147.73 8075 (MICROSOFT...)
1 2 52.142.114.2 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
Totals: 21 requests, 8 IPs
Requests  Domain                  Requested by
6         spoprod-a.akamaihd.net  onedrive.live.com
4         p.sfx.ms                onedrive.live.com, spoprod-a.akamaihd.net
4         hotelgrandpapua.com     hotelgrandpapua.com
3         onedrive.live.com       spoprod-a.akamaihd.net
2         c.live.com              (1 redirect)
2         fonts.gstatic.com
1         c.bing.com              (1 redirect)
1         fonts.googleapis.com    hotelgrandpapua.com
Totals: 21 requests, 8 domains
Subject                  Issuer                         Validity                  Valid     Lookup
hotelgrandpapua.com      Let's Encrypt Authority X3     2020-07-14 - 2020-10-12   3 months  crt.sh
upload.video.google.com  GTS CA 1O1                     2020-07-15 - 2020-10-07   3 months  crt.sh
*.gstatic.com            GTS CA 1O1                     2020-07-15 - 2020-10-07   3 months  crt.sh
onedrive.com             Microsoft IT TLS CA 2          2019-06-25 - 2021-06-25   2 years   crt.sh
a248.e.akamai.net        DigiCert Secure Site ECC CA-1  2020-07-15 - 2021-09-13   a year    crt.sh
c.msn.com                Microsoft IT TLS CA 2          2020-04-23 - 2022-04-23   2 years   crt.sh

This page contains 1 frame:

Primary Page: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Frame ID: 03668324C9D2D3C1174258D2CF72114F
Requests: 24 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

21
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

8
Subdomains

8
IPs

6
Countries

550 kB
Transfer

946 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hotelgrandpapua.com/xls-files/excel/wait.php Page URL
  2. https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://c.live.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A%253ASDX.Skydrive%252Apagenotfounderror.%26PLT%3D895%26IR%3D1%26EX%3D0%26L.h%3D453%26L.bc%3D460%26L.ac%3D611%26L.f%3D619%26L.sjs%3D851%26L.ttg%3D460%26C.st%3D1597156626434%26N.domIn%3D619%26N.dns%3D5%26N.tcp%3D65%26N.req%3D294%26N.resp%3D126%26N.navType%3D0%26N.redirectCount%3D0&r=0.09651629724630739 HTTP 302
  • https://c.bing.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A%253ASDX.Skydrive%252Apagenotfounderror.%26PLT%3D895%26IR%3D1%26EX%3D0%26L.h%3D453%26L.bc%3D460%26L.ac%3D611%26L.f%3D619%26L.sjs%3D851%26L.ttg%3D460%26C.st%3D1597156626434%26N.domIn%3D619%26N.dns%3D5%26N.tcp%3D65%26N.req%3D294%26N.resp%3D126%26N.navType%3D0%26N.redirectCount%3D0&r=0.09651629724630739&CtsSyncId=1634B02C01D54CCA8DB93BC6DB257ED7&RedC=c.live.com&MXFR=035346CA8C8961B03F2F49E9888965CE HTTP 302
  • https://c.live.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A%253ASDX.Skydrive%252Apagenotfounderror.%26PLT%3D895%26IR%3D1%26EX%3D0%26L.h%3D453%26L.bc%3D460%26L.ac%3D611%26L.f%3D619%26L.sjs%3D851%26L.ttg%3D460%26C.st%3D1597156626434%26N.domIn%3D619%26N.dns%3D5%26N.tcp%3D65%26N.req%3D294%26N.resp%3D126%26N.navType%3D0%26N.redirectCount%3D0&r=0.09651629724630739&CtsSyncId=1634B02C01D54CCA8DB93BC6DB257ED7&MUID=32CCFE4691376B0F347AF16590E56A49

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
wait.php
hotelgrandpapua.com/xls-files/excel/
1021 B
1 KB
Document
General
Full URL
https://hotelgrandpapua.com/xls-files/excel/wait.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.80.8.102 Balikpapan, Indonesia, ASN24204 (SATNETCOM-AS-ID Satnetcom Balikpapan PT., ID),
Reverse DNS
hosting.satnetcom.net.id
Software
Apache /
Resource Hash
8cd55ae805a8a02ea21945cf5ff4e03d2b6030145678bcdda1932813f27667de

Request headers

Host
hotelgrandpapua.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 14:37:01 GMT
Server
Apache
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
wait.css
hotelgrandpapua.com/xls-files/excel/css/
4 KB
4 KB
Stylesheet
General
Full URL
https://hotelgrandpapua.com/xls-files/excel/css/wait.css
Requested by
Host: hotelgrandpapua.com
URL: https://hotelgrandpapua.com/xls-files/excel/wait.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.80.8.102 Balikpapan, Indonesia, ASN24204 (SATNETCOM-AS-ID Satnetcom Balikpapan PT., ID),
Reverse DNS
hosting.satnetcom.net.id
Software
Apache /
Resource Hash
24b23108d8add5179b34f3d3840e1d95fcd4f9a4d6c05c0d9cacc0a2820edd01

Request headers

Referer
https://hotelgrandpapua.com/xls-files/excel/wait.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 14:37:02 GMT
Last-Modified
Mon, 18 Nov 2019 04:29:20 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
3806
Content-Type
text/css
ex.png
hotelgrandpapua.com/xls-files/excel/img/
8 KB
8 KB
Image
General
Full URL
https://hotelgrandpapua.com/xls-files/excel/img/ex.png
Requested by
Host: hotelgrandpapua.com
URL: https://hotelgrandpapua.com/xls-files/excel/wait.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.80.8.102 Balikpapan, Indonesia, ASN24204 (SATNETCOM-AS-ID Satnetcom Balikpapan PT., ID),
Reverse DNS
hosting.satnetcom.net.id
Software
Apache /
Resource Hash
5cfa556160a353d37185d8cbcf478f97b215f7d57d9821f20981bd0a4ad1fdd4

Request headers

Referer
https://hotelgrandpapua.com/xls-files/excel/wait.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 14:37:02 GMT
Last-Modified
Mon, 18 Nov 2019 04:29:20 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
8180
Content-Type
image/png
css
fonts.googleapis.com/
3 KB
642 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:400,700
Requested by
Host: hotelgrandpapua.com
URL: https://hotelgrandpapua.com/xls-files/excel/wait.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
34401e82a1141472df1697a141aa50812c17e6138424ca4caba5f3fc69885f4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://hotelgrandpapua.com/xls-files/excel/wait.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 11 Aug 2020 12:52:26 GMT
server
ESF
date
Tue, 11 Aug 2020 14:37:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 11 Aug 2020 14:37:03 GMT
pdf.png
hotelgrandpapua.com/xls-files/excel/img/
73 KB
73 KB
Image
General
Full URL
https://hotelgrandpapua.com/xls-files/excel/img/pdf.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
203.80.8.102 Balikpapan, Indonesia, ASN24204 (SATNETCOM-AS-ID Satnetcom Balikpapan PT., ID),
Reverse DNS
hosting.satnetcom.net.id
Software
Apache /
Resource Hash
bfb7362b6a5d508578ebe4f1884a92dba530b76fbe6be8db4a7b771c6aacaccf

Request headers

Referer
https://hotelgrandpapua.com/xls-files/excel/css/wait.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 11 Aug 2020 14:37:03 GMT
Last-Modified
Mon, 18 Nov 2019 04:29:20 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
74994
Content-Type
image/png
jizfRExUiTo99u79B_mh0O6tLR8a8zI.woff2
fonts.gstatic.com/s/ptsans/v11/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptsans/v11/jizfRExUiTo99u79B_mh0O6tLR8a8zI.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb74816a9aaed49f7b58ffbfead623f50686271a551d77a3ed95a56a56e40dbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Sans:400,700
Origin
https://hotelgrandpapua.com

Response headers

date
Wed, 15 Jul 2020 22:10:13 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:28:25 GMT
server
sffe
age
2305610
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11504
x-xss-protection
0
expires
Thu, 15 Jul 2021 22:10:13 GMT
jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v11/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptsans/v11/jizaRExUiTo99u79D0KExcOPIDU.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Sans:400,700
Origin
https://hotelgrandpapua.com

Response headers

date
Wed, 15 Jul 2020 19:17:20 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:28:02 GMT
server
sffe
age
2315983
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11380
x-xss-protection
0
expires
Thu, 15 Jul 2021 19:17:20 GMT
Primary Request edit.aspx
onedrive.live.com/
77 KB
78 KB
Document
General
Full URL
https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.13 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
18f13ce626cb89d034ad5569a8f258a99febb29d6c985aedfe267e40fde82147
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
onedrive.live.com
:scheme
https
:path
/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://hotelgrandpapua.com/xls-files/excel/wait.php
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://hotelgrandpapua.com/xls-files/excel/wait.php

Response headers

status
404
cache-control
no-cache, no-store
pragma
no-cache
content-length
78760
content-type
text/html; charset=utf-8
expires
-1
set-cookie
E=P:ItN8BQQ+2Ig=:SjmHmDaVNQPkI0aT/XqowQbBlvGbNHKneieCwutq1iY=:F; domain=.live.com; path=/ xid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&&RD00155D5EDD63&267; domain=.live.com; path=/ xidseq=1; domain=.live.com; path=/ LD=; domain=.live.com; expires=Tue, 11-Aug-2020 12:57:06 GMT; path=/ wla42=; domain=live.com; expires=Tue, 18-Aug-2020 14:37:06 GMT; path=/
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-msnserver
RD00155D5EDD63
x-odwebserver
canadaeast1-odwebpl
x-msedge-ref
Ref A: 53162BCF1756446698433B47B09F072A Ref B: ZRHEDGE0820 Ref C: 2020-08-11T14:37:06Z
date
Tue, 11 Aug 2020 14:37:06 GMT
maincss-306e9206.css
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002//
136 KB
25 KB
Stylesheet
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002//maincss-306e9206.css
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-40.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c1c386e0a32dd7b53e751e38e41090406b11f8e5076288ba669d20e2254e1ae9

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 11 Aug 2020 14:37:06 GMT
content-encoding
gzip
content-md5
MG6SBiafYOmFE42v9YjDgQ==
status
200
content-length
25510
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jul 2019 17:35:13 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D711EF9D5A9F4F
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
cb16850c-401e-0035-0548-46b387000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=25869435
x-ms-version
2009-09-19
timing-allow-origin
*
wlx_fonts-c7993ded.css
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002//
123 KB
93 KB
Stylesheet
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002//wlx_fonts-c7993ded.css
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-40.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
455be57e5ca76be462428c7b127d03d0245952b7e00ca14e8bcb3bfe7584c758

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 11 Aug 2020 14:37:06 GMT
content-encoding
gzip
content-md5
x5k97ZNOTA+fsPCUPRp4Qw==
status
200
content-length
94644
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jul 2019 17:35:28 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D711EFA6B29828
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
c9a552c3-001e-0010-6f4d-462b34000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=25867886
x-ms-version
2009-09-19
timing-allow-origin
*
invis.gif
p.sfx.ms/is/
43 B
238 B
Image
General
Full URL
https://p.sfx.ms/is/invis.gif
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.95.147.73 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cb725f174a86bcf23b5b9f53e5b60d53eaa1524f88f4dcec165670a3b0eb6c2c

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 14:37:06 GMT
x-msnserver
RD0003FF23C253
last-modified
Tue, 14 Jul 2020 22:02:00 GMT
server
Microsoft-IIS/10.0
etag
"29133c662a5ad61:0"
content-type
image/gif
status
200
cache-control
public,max-age=86400
x-odwebserver
westeurope1-odwebp
accept-ranges
bytes
content-length
43
command5.png
p.sfx.ms/h/
4 KB
4 KB
Image
General
Full URL
https://p.sfx.ms/h/command5.png
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.95.147.73 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fa2812dcf55c99cefe93319f1992b381e6f4203d7cebb61308d35f335934d953

Request headers

Referer
https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 14:37:06 GMT
x-msnserver
RD0003FF23C253
last-modified
Tue, 14 Jul 2020 22:01:59 GMT
server
Microsoft-IIS/10.0
etag
"93567d652a5ad61:0"
content-type
image/png
status
200
cache-control
public,max-age=86400
x-odwebserver
westeurope1-odwebp
accept-ranges
bytes
content-length
3872
OneDriveLogoLight4.png
p.sfx.ms/images/
881 B
970 B
Image
General
Full URL
https://p.sfx.ms/images/OneDriveLogoLight4.png
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.95.147.73 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f393d34deb9194264b81ee3d939301c39f9b8a892811c0d5d20aa2030474bbbe

Request headers

Referer
https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 14:37:06 GMT
x-msnserver
RD0003FF23C253
last-modified
Tue, 14 Jul 2020 22:01:59 GMT
server
Microsoft-IIS/10.0
etag
"1c17df652a5ad61:0"
content-type
image/png
status
200
cache-control
public,max-age=86400
x-odwebserver
westeurope1-odwebp
accept-ranges
bytes
content-length
881
truncated
/
34 KB
34 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07ec698b1036cdfbb8892f02d9510f5f671284fca9fa003b883996da040a444b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://onedrive.live.com

Response headers

Content-Type
font/woff;charset=utf-8
truncated
/
27 KB
27 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6103756591a0902515ab10671ed7dcab4100573121ec704e75433abb453f5cb9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://onedrive.live.com

Response headers

Content-Type
font/woff;charset=utf-8
truncated
/
31 KB
31 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3711ba98ca34a5bc5ce6b79de62a1a2eee453f413d2123e912d1ae6b0b0c8b33

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
Origin
https://onedrive.live.com

Response headers

Content-Type
font/woff;charset=utf-8
jquery-1.7.2-39eeb07e.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/
92 KB
33 KB
Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/jquery-1.7.2-39eeb07e.js
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-40.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 11 Aug 2020 14:37:07 GMT
content-encoding
gzip
content-md5
Oe6wfmgC4rV/XhCprZvKJA==
status
200
content-length
33335
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jul 2019 17:35:11 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D711EF9C225C2E
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cb161e15-401e-0035-2348-46b387000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=25869670
x-ms-version
2009-09-19
timing-allow-origin
*
legacy_s_legacy-e428f2e2.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/
49 KB
17 KB
Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/legacy_s_legacy-e428f2e2.js
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-40.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d99623aba05a3d0cf5136c6c3f36480157398125156736f9990b2f023baeb3c2

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 11 Aug 2020 14:37:07 GMT
content-encoding
gzip
content-md5
5Cjy4oXgEhDdOXP/dhuH8A==
status
200
content-length
16428
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jul 2019 17:35:11 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D711EF9C9B7297
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cb16858f-401e-0035-7b48-46b387000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=25869456
x-ms-version
2009-09-19
timing-allow-origin
*
legacy1-1a09fb82.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/
240 KB
84 KB
Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/legacy1-1a09fb82.js
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-40.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
771d5c4a06a1573da9c0fb15fedc1b8bf2219dca348887c344843077a76dd803

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 11 Aug 2020 14:37:07 GMT
content-encoding
gzip
content-md5
Ggn7gueKPiHpfZ+v/jXjxw==
status
200
content-length
85461
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jul 2019 17:35:12 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D711EF9CD1324D
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cb1685b4-401e-0035-1d48-46b387000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=25869710
x-ms-version
2009-09-19
timing-allow-origin
*
legacy0-e2cc9701.js
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/
15 KB
6 KB
Script
General
Full URL
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/legacy0-e2cc9701.js
Requested by
Host: onedrive.live.com
URL: https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-40.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7fb28d1f6c9f57439eb0e83e6b99857ce792a3874ff3a35e6dbe912692d0e9df

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 11 Aug 2020 14:37:07 GMT
content-encoding
gzip
content-md5
4syXAQmhJXn2OCLqkfbg6Q==
status
200
content-length
6058
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jul 2019 17:35:11 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D711EF9C7DD31F
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cb1685f6-401e-0035-5748-46b387000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=25869766
x-ms-version
2009-09-19
timing-allow-origin
*
clientstring.mvc
onedrive.live.com/handlers/
981 B
978 B
Script
General
Full URL
https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-US&group=wlive&v=19.419.0221.2001&useRequiresJs=False
Requested by
Host: spoprod-a.akamaihd.net
URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/legacy1-1a09fb82.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.13 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
63f1d4b85cbc2a65366cb7ab8253f351def7129e5a50c8e5ebe809fe5894a9d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
x-msedge-ref
Ref A: D306BE7AC4AE41428C45FEBF0EB2E0BD Ref B: ZRHEDGE0820 Ref C: 2020-08-11T14:37:07Z
x-odwebserver
canadaeast1-odwebpl
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
status
200
cache-control
public, max-age=31536000
date
Tue, 11 Aug 2020 14:37:07 GMT
x-msnserver
RD00155D5EDD63
expires
Wed, 11 Aug 2021 14:37:07 GMT
c.gif
c.live.com/
Redirect Chain
  • https://c.live.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A...
  • https://c.bing.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A...
  • https://c.live.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A...
42 B
301 B
Image
General
Full URL
https://c.live.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A%253ASDX.Skydrive%252Apagenotfounderror.%26PLT%3D895%26IR%3D1%26EX%3D0%26L.h%3D453%26L.bc%3D460%26L.ac%3D611%26L.f%3D619%26L.sjs%3D851%26L.ttg%3D460%26C.st%3D1597156626434%26N.domIn%3D619%26N.dns%3D5%26N.tcp%3D65%26N.req%3D294%26N.resp%3D126%26N.navType%3D0%26N.redirectCount%3D0&r=0.09651629724630739&CtsSyncId=1634B02C01D54CCA8DB93BC6DB257ED7&MUID=32CCFE4691376B0F347AF16590E56A49
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://onedrive.live.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Aug 2020 14:37:06 GMT
etag
"9b2fd78e4b1ed61:0"
last-modified
Wed, 29 Apr 2020 17:28:12 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status
200
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Tue, 11 Aug 2020 14:37:06 GMT
x-msedge-ref
Ref A: E48886E1CCDF454BA0FE42C6C1C9E17D Ref B: FRAEDGE1316 Ref C: 2020-08-11T14:37:07Z
x-powered-by
ASP.NET
status
302
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.live.com/c.gif?DI=15347&wlxid=cc8c7e0f-58cc-445b-9fbc-9ade8394476b&reqid=00163c0ae8a&csiperf=ANON%3D%26NL%3D0%26TP%3D0%26CL%3DRD00155D5EDD63%26MA%3Den-US%26B%3D0.0.0%26TR%3DNA%252ANA%252A%253ASDX.Skydrive%252Apagenotfounderror.%26PLT%3D895%26IR%3D1%26EX%3D0%26L.h%3D453%26L.bc%3D460%26L.ac%3D611%26L.f%3D619%26L.sjs%3D851%26L.ttg%3D460%26C.st%3D1597156626434%26N.domIn%3D619%26N.dns%3D5%26N.tcp%3D65%26N.req%3D294%26N.resp%3D126%26N.navType%3D0%26N.redirectCount%3D0&r=0.09651629724630739&CtsSyncId=1634B02C01D54CCA8DB93BC6DB257ED7&MUID=32CCFE4691376B0F347AF16590E56A49
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
c7.png
p.sfx.ms/h/
5 KB
5 KB
Image
General
Full URL
https://p.sfx.ms/h/c7.png
Requested by
Host: spoprod-a.akamaihd.net
URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20190726.002/jquery-1.7.2-39eeb07e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.95.147.73 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
639b06d02e6139d78e0eaeb0f8a31d96af88a0882d8036c5a6b45d10c3e321a3

Request headers

Referer
https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 14:37:06 GMT
x-msnserver
RD0003FF23C253
last-modified
Tue, 14 Jul 2020 22:01:59 GMT
server
Microsoft-IIS/10.0
etag
"93567d652a5ad61:0"
content-type
image/png
status
200
cache-control
public,max-age=86400
x-odwebserver
westeurope1-odwebp
accept-ranges
bytes
content-length
5337
Plt.mvc
onedrive.live.com//Handlers/
42 B
517 B
Image
General
Full URL
https://onedrive.live.com//Handlers/Plt.mvc?bicild=&v=0.0.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.13, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://onedrive.live.com/edit.aspx?reid=30FB75A88A9FB112!104&app=Excel&wdndinvoicep
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
x-msedge-ref
Ref A: A2354F40C50344CDB60504A602974B78 Ref B: ZRHEDGE0820 Ref C: 2020-08-11T14:37:12Z
x-odwebserver
canadaeast1-odwebpl
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
private, max-age=31536000
date
Tue, 11 Aug 2020 14:37:12 GMT
x-msnserver
RD00155D5EC9C0
expires
Wed, 11 Aug 2021 14:37:12 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Css_Start function| Css_Load function| Css_Error object| cssQos1 object| cssQos2 object| $Do object| $B object| $BSI object| $CSIPerf object| _d object| _dh function| _ge object| $U object| $CJ object| Flight function| requirejs function| require function| define function| JSUnhandledError function| JSCaughtError object| Log function| LogReporterEvent function| RequireJSError function| JSPerformanceData function| RequireJSOnFirstRequireEvent function| RequireDeps object| $Static function| $MB function| $ToggleSidebar object| $HIC object| $HeaderCookie object| $Config string| __odsp_culture object| FilesConfig string| backupBaseUrl object| failOverState function| processConfigToSupportFailOver object| __cdnFailOverState function| ic_showBar function| ic_onTE function| ic_onTL string| $icerrsrc object| ic_common_data object| ic_menu_data object| icPwcData object| ic_template_data function| $ function| jQuery function| registerNamespace object| Sys object| $UI object| _jsv object| wLive object| $css function| sutra function| unsutra object| $edh object| $Utility object| $Beacon function| $CD function| $CC object| $WebWatson object| jQuery17209594135139696973 object| $f function| $menu object| $IS object| $Cookie string| $Version string| CompatVersion object| $Debug function| _ce function| _$ge function| _get function| $Flags function| $Enum function| smartSetTimeout object| $HelpContext object| $Network object| $LightNetwork object| $ScenarioQoS object| $pwc object| $icm object| $ssl function| ObservableArray function| Observable object| $header object| $MeControl object| $footer object| $leftNav function| CollapsingMenu object| $CommandBar function| $Trie object| $Logout object| $Preload object| $baseMaster object| $Flextag function| stopDefaultAction function| loadScript function| getText function| setText function| isDescendantOf function| setDisplay function| resetDisplay function| setVisibility function| resetVisibility function| getTickCount function| 
isNullOrEmpty function| first function| HideElement function| ShowElement function| selectNodes function| elementHasClassName function| getChildByClassName function| getChildrenByClassName function| addCssClass function| removeCssClass function| prepareSubmitOnce function| trySubmit function| trySubmitData function| focusAndSelectTextField function| runBatchOperation function| hideButton function| showButton function| disableButton function| enableButton function| callHandlerOnEnterKey function| callHandlerOnEscKey function| purgeHandlers function| loadAdImage function| isChildOf function| isMenuOpen function| closeMenu function| toggleMenu function| hideOnEsc function| hideOnMouseUp function| downloadToPhotoGallery function| doOrderPrints function| getPosition function| getViewportDimensions function| setCookie function| getCookie object| Microsoft object| _csiPerfConfigOmniture object| _$emptyLogoLink function| GetString object| live boolean| ale_wlive

5 Cookies

Domain/Path Name / Value
.live.com/ Name: wla42
Value:
.live.com/ Name: xidseq
Value: 1
.live.com/ Name: xid
Value: cc8c7e0f-58cc-445b-9fbc-9ade8394476b&&RD00155D5EDD63&267
.live.com/ Name: BP
Value: l=SDX.Skydrive&FR=&ST=
.live.com/ Name: E
Value: P:ItN8BQQ+2Ig=:SjmHmDaVNQPkI0aT/XqowQbBlvGbNHKneieCwutq1iY=:F

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.bing.com
c.live.com
fonts.googleapis.com
fonts.gstatic.com
hotelgrandpapua.com
onedrive.live.com
p.sfx.ms
spoprod-a.akamaihd.net
13.107.42.13
13.95.147.73
2.16.186.40
203.80.8.102
2620:1ec:c11::200
2a00:1450:4001:80b::2003
2a00:1450:4001:819::200a
52.142.114.2
07ec698b1036cdfbb8892f02d9510f5f671284fca9fa003b883996da040a444b
18f13ce626cb89d034ad5569a8f258a99febb29d6c985aedfe267e40fde82147
24b23108d8add5179b34f3d3840e1d95fcd4f9a4d6c05c0d9cacc0a2820edd01
34401e82a1141472df1697a141aa50812c17e6138424ca4caba5f3fc69885f4a
3711ba98ca34a5bc5ce6b79de62a1a2eee453f413d2123e912d1ae6b0b0c8b33
455be57e5ca76be462428c7b127d03d0245952b7e00ca14e8bcb3bfe7584c758
5cfa556160a353d37185d8cbcf478f97b215f7d57d9821f20981bd0a4ad1fdd4
6103756591a0902515ab10671ed7dcab4100573121ec704e75433abb453f5cb9
639b06d02e6139d78e0eaeb0f8a31d96af88a0882d8036c5a6b45d10c3e321a3
63f1d4b85cbc2a65366cb7ab8253f351def7129e5a50c8e5ebe809fe5894a9d2
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
771d5c4a06a1573da9c0fb15fedc1b8bf2219dca348887c344843077a76dd803
7fb28d1f6c9f57439eb0e83e6b99857ce792a3874ff3a35e6dbe912692d0e9df
8cd55ae805a8a02ea21945cf5ff4e03d2b6030145678bcdda1932813f27667de
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f
bb74816a9aaed49f7b58ffbfead623f50686271a551d77a3ed95a56a56e40dbf
bfb7362b6a5d508578ebe4f1884a92dba530b76fbe6be8db4a7b771c6aacaccf
c1c386e0a32dd7b53e751e38e41090406b11f8e5076288ba669d20e2254e1ae9
cb725f174a86bcf23b5b9f53e5b60d53eaa1524f88f4dcec165670a3b0eb6c2c
d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f
d99623aba05a3d0cf5136c6c3f36480157398125156736f9990b2f023baeb3c2
f393d34deb9194264b81ee3d939301c39f9b8a892811c0d5d20aa2030474bbbe
fa2812dcf55c99cefe93319f1992b381e6f4203d7cebb61308d35f335934d953