onedrive.live.com Open in urlscan Pro
13.107.42.13 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://onedrive.live.com/?authkey=%21AHnoa0wHt__zJjE&cid=8D601BCC2F15E433&id=8D601BCC2F15E433%21118&parId=root&o=OneUp
Submission Tags: falconsandbox
Submission: On July 29 via api (July 29th 2021, 10:42:18 am UTC) from US

Summary HTTP 85 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 15 IPs in 5 countries across 13 domains to perform 85 HTTP transactions. The main IP is 13.107.42.13, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is onedrive.live.com.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on October 13th 2020. Valid for: a year.

This is the only time onedrive.live.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	13.107.42.13 13.107.42.13	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	104.111.225.185 104.111.225.185	16625 (AKAMAI-AS) (AKAMAI-AS)
58	2.16.186.25 2.16.186.25	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	13.105.66.144 13.105.66.144	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	40.78.128.150 40.78.128.150	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:ec:... 2a02:26f0:ec:299::38f3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a02:26f0:6c0... 2a02:26f0:6c00:2bc::4b36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2620:1ec:29::42 2620:1ec:29::42	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.190.159.132 20.190.159.132	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	40.77.226.250 40.77.226.250	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.208.28.104 52.208.28.104	16509 (AMAZON-02) (AMAZON-02)
2 2	216.58.212.166 216.58.212.166	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
85	15

1 13.107.42.13 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

onedrive.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.225.185 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-225-185.deploy.static.akamaitechnologies.com

static2.sharepointonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

58 2.16.186.25 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-25.deploy.static.akamaitechnologies.com

spoprod-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.105.66.144 (Amsterdam, Netherlands) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

skyapi.onedrive.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
storage.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 40.78.128.150 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

browser.pipe.aria.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ec:299::38f3 (London, United Kingdom)

ASN20940 (AKAMAI-ASN1, NL)

shellprod.msocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00:2bc::4b36 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

shell.cdn.office.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:29::42 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

amcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.159.132 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

az725175.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.77.226.250 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

web.vortex.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c1.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.28.104 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-28-104.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.166 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f166.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	akamaihd.net spoprod-a.akamaihd.net	2 MB
8	live.com 1 redirects onedrive.live.com skyapi.onedrive.live.com storage.live.com login.live.com	32 KB
7	office.net shell.cdn.office.net	161 KB
6	microsoft.com 1 redirects browser.pipe.aria.microsoft.com web.vortex.data.microsoft.com c1.microsoft.com	3 KB
3	sharepointonline.com static2.sharepointonline.com	69 KB
2	doubleclick.net 2 redirects ad.doubleclick.net	737 B
1	google.de adservice.google.de	798 B
1	google.com 1 redirects adservice.google.com	670 B
1	demdex.net dpm.demdex.net	3 KB
1	bing.com 1 redirects c.bing.com	497 B
1	msecnd.net az725175.vo.msecnd.net	18 KB
1	msftauth.net amcdn.msftauth.net	9 KB
1	msocdn.com shellprod.msocdn.com	36 KB
85	13

	Domain	Requested by
58	spoprod-a.akamaihd.net	onedrive.live.com spoprod-a.akamaihd.net
7	shell.cdn.office.net	shellprod.msocdn.com
5	skyapi.onedrive.live.com	spoprod-a.akamaihd.net skyapi.onedrive.live.com
3	browser.pipe.aria.microsoft.com	spoprod-a.akamaihd.net shell.cdn.office.net
3	static2.sharepointonline.com	onedrive.live.com static2.sharepointonline.com
2	ad.doubleclick.net	2 redirects
2	c1.microsoft.com	1 redirects
1	adservice.google.de
1	adservice.google.com	1 redirects
1	dpm.demdex.net	az725175.vo.msecnd.net
1	c.bing.com	1 redirects
1	web.vortex.data.microsoft.com	az725175.vo.msecnd.net
1	az725175.vo.msecnd.net	onedrive.live.com
1	login.live.com
1	storage.live.com	1 redirects
1	amcdn.msftauth.net	shell.cdn.office.net
1	shellprod.msocdn.com	onedrive.live.com
1	onedrive.live.com
85	18

This site contains links to these domains. Also see Links.

Domain
login.live.com
g.live.com

Subject Issuer	Validity	Valid
onedrive.com Microsoft RSA TLS CA 02	`2020-10-13` - `2021-10-13`	a year	crt.sh
*.sharepointonline.com Microsoft RSA TLS CA 01	`2021-07-08` - `2022-07-08`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
storage.live.com Microsoft RSA TLS CA 01	`2020-10-13` - `2021-10-13`	a year	crt.sh
*.events.data.microsoft.com Microsoft Azure TLS Issuing CA 01	`2020-09-14` - `2021-09-09`	a year	crt.sh
*.msocdn.com Microsoft RSA TLS CA 01	`2020-10-19` - `2021-10-19`	a year	crt.sh
*.cdn.office.net Microsoft RSA TLS CA 01	`2021-01-26` - `2022-01-26`	a year	crt.sh
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 06	`2021-06-05` - `2022-05-31`	a year	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-15`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2020-11-16` - `2021-11-10`	a year	crt.sh
*.vortex.data.microsoft.com Microsoft RSA TLS CA 02	`2020-10-05` - `2021-10-05`	a year	crt.sh
c.msn.com Microsoft Azure TLS Issuing CA 02	`2021-06-27` - `2022-06-22`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://onedrive.live.com/?authkey=%21AHnoa0wHt__zJjE&cid=8D601BCC2F15E433&id=8D601BCC2F15E433%21118&parId=root&o=OneUp
Frame ID: 35CECFB0F1277E86B4C6A2D585F7A178
Requests: 82 HTTP requests in this frame

Frame: https://skyapi.onedrive.live.com/xmlproxy.htm?domain=live.com
Frame ID: 9E1BD2C99CC27E2113BC4A712419AF4F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

85
Requests

100 %
HTTPS

35 %
IPv6

13
Domains

18
Subdomains

15
IPs

5
Countries

2014 kB
Transfer

7281 kB
Size

7
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1627555321&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2F%3Fauthkey%3D%2521AHnoa0wHt__zJjE%26cid%3D8D601BCC2F15E433%26id%3D8D601BCC2F15E433%2521118%26parId%3Droot%26o%3DOneUp%26mkt%3Den-US&lc=1033&id=250206&cbcxt=sky&mkt=en-US&lw=1&fl=easi2
Title: Sign in

Search URL Search Domain Scan URL

URL: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1627555321&rver=7.3.6962.0&wp=MBI_SSL_SHARED&lc=1033&id=250206&cbcxt=sky&ru=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot
Title: My files

Search URL Search Domain Scan URL

URL: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1627555321&rver=7.3.6962.0&wp=MBI_SSL_SHARED&lc=1033&id=250206&cbcxt=sky&ru=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot%26qt%3Dmru&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot%26qt%3Dmru
Title: Recent

Search URL Search Domain Scan URL

URL: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1627555321&rver=7.3.6962.0&wp=MBI_SSL_SHARED&lc=1033&id=250206&cbcxt=sky&ru=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26v%3Dphotos%26id%3Droot%26qt%3Dallmyphotos&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26v%3Dphotos%26id%3Droot%26qt%3Dallmyphotos
Title: Photos

Search URL Search Domain Scan URL

URL: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1627555321&rver=7.3.6962.0&wp=MBI_SSL_SHARED&lc=1033&id=250206&cbcxt=sky&ru=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot%26qt%3Dsharedby&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot%26qt%3Dsharedby
Title: Shared

Search URL Search Domain Scan URL

URL: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1627555321&rver=7.3.6962.0&wp=MBI_SSL_SHARED&lc=1033&id=250206&cbcxt=sky&ru=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot%26qt%3Drecyclebin&wreply=https%3A%2F%2Fonedrive%2Elive%2Ecom%2F%3Fauthkey%3D%2521AHnoa0wHt%255F%255FzJjE%26id%3Droot%26qt%3Drecyclebin
Title: Recycle bin

Search URL Search Domain Scan URL

URL: https://g.live.com/8SESkyDrive/SkyDriveApps?biciid=lhnlink
Title: Get the OneDrive apps

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://storage.live.com/mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1627555322588 HTTP 302
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1627555322&rver=7.3.6962.0&wp=MBI_SSL&wreply=https:%2F%2Fstorage.live.com%2Fstorageservice%2Fpassport%2Fauth.aspx%3Fsru%3Dhttps:%252f%252fstorage.live.com%252fmydata%252fmyprofile%252fexpressionprofile%252fprofilephoto:UserTileStatic%252cUserTileSmall%252fMeControlMediumUserTile&lc=1033&id=63539

Request Chain 74

https://c1.microsoft.com/c.gif?DI=4050&did=1&t= HTTP 302
https://c.bing.com/c.gif?DI=4050&did=1&t=&CtsSyncId=63E587788006427387C2BE27DB347BE4&RedC=c1.microsoft.com&MXFR=31A8093C0900684C3AB119BF0D006ED0 HTTP 302
https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&CtsSyncId=63E587788006427387C2BE27DB347BE4&MUID=31A8093C0900684C3AB119BF0D006ED0

Request Chain 76

https://ad.doubleclick.net/ddm/activity/src=6952136;type=store0;cat=jsll;u58=e4505e1bcc684d86808d9696ea4467a4;match_id=e4505e1bcc684d86808d9696ea4467a4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=6952136;dc_pre=CIfyg4eMiPICFQbasgodMTEIOQ;type=store0;cat=jsll;u58=e4505e1bcc684d86808d9696ea4467a4;match_id=e4505e1bcc684d86808d9696ea4467a4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/p/src=6952136;dc_pre=CIfyg4eMiPICFQbasgodMTEIOQ;type=store0;cat=jsll;u58=e4505e1bcc684d86808d9696ea4467a4;match_id=e4505e1bcc684d86808d9696ea4467a4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;~oref=https://onedrive.live.com/ HTTP 302
https://adservice.google.de/ddm/fls/p/src=6952136;dc_pre=CIfyg4eMiPICFQbasgodMTEIOQ;type=store0;cat=jsll;u58=e4505e1bcc684d86808d9696ea4467a4;match_id=e4505e1bcc684d86808d9696ea4467a4;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;~oref=https://onedrive.live.com/

85 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
onedrive.live.com/ 54 KB
19 KB 163ms
137ms Document
text/html 13.107.42.13
MICROSOFT-CORP-MS...

General

Domain/Path	Expires	Name / Value
.live.com/	1969-12-31 23:59:59	Name: xidseq Value: 2
.live.com/	1969-12-31 23:59:59	Name: E Value: P:79PEf31S2Yg=:Pse4slvwW2XoLUF0NjLn4XXLJ97s8rt65zobV+PojeQ=:F
onedrive.live.com/	1969-12-31 23:59:59	Name: ShCLSessionID Value: 1627555322325_0.19320641112583936
.live.com/	1970-01-19 20:16:00	Name: wla42 Value:
.live.com/	1969-12-31 23:59:59	Name: SAToken1 Value:
.live.com/	1969-12-31 23:59:59	Name: SAToken0 Value:
.live.com/	1969-12-31 23:59:59	Name: xid Value: 7e95349d-a26e-4a31-ac6f-f354726f2d7a&&RD0004FFA717B8&253

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

onedrive.live.com Open in urlscan Pro 13.107.42.13 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

85 Requests

100 %HTTPS

35 %IPv6

13 Domains

18 Subdomains

15 IPs

5 Countries

2014 kBTransfer

7281 kBSize

7 Cookies

7 Outgoing links

Redirected requests

85 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

onedrive.live.com Open in urlscan Pro
13.107.42.13 Public Scan

Screenshot
Live screenshot

Full Image

85
Requests

100 %
HTTPS

35 %
IPv6

13
Domains

18
Subdomains

15
IPs

5
Countries

2014 kB
Transfer

7281 kB
Size

7
Cookies

85 HTTP transactions
2 data transactions