microsoftt-tems-download.com Open in urlscan Pro
2606:4700:3033::ac43:9a5c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://microsoftt-tems-download.com/
Effective URL:
https://microsoftt-tems-download.com/lander
Submission Tags: falconsandbox
Submission: On August 15 via api (August 15th 2024, 8:39:50 pm UTC) from US — Scanned from US

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3033::ac43:9a5c, located in United States and belongs to CLOUDFLARENET, US. The main domain is microsoftt-tems-download.com.
TLS certificate: Issued by WE1 on June 17th 2024. Valid for: 3 months.

This is the only time microsoftt-tems-download.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 7	2606:4700:303... 2606:4700:3033::ac43:9a5c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:809::2004	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:4ad8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	23.209.72.200 23.209.72.200	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700:20:... 2606:4700:20::ac43:4513	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.165.134 172.217.165.134	15169 (GOOGLE) (GOOGLE)
4	50.17.135.148 50.17.135.148	14618 (AMAZON-AES) (AMAZON-AES)
20	7

7 2606:4700:3033::ac43:9a5c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

microsoftt-tems-download.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:4ad8 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.209.72.200 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-209-72-200.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.165.134 (United States)

ASN15169 (GOOGLE, US)
PTR: lax30s03-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 50.17.135.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-17-135-148.compute-1.amazonaws.com

api.aws.parking.godaddy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	microsoftt-tems-download.com 1 redirects microsoftt-tems-download.com	12 KB
4	godaddy.com api.aws.parking.godaddy.com — Cisco Umbrella Rank: 84499	740 B
4	wsimg.com img1.wsimg.com — Cisco Umbrella Rank: 15358	174 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1603	1 KB
2	btloader.com btloader.com — Cisco Umbrella Rank: 1573	19 KB
1	doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 210	130 B
1	google.com www.google.com — Cisco Umbrella Rank: 10	54 KB
20	7

	Domain	Requested by
7	microsoftt-tems-download.com	1 redirects microsoftt-tems-download.com
4	api.aws.parking.godaddy.com	img1.wsimg.com
4	img1.wsimg.com	microsoftt-tems-download.com img1.wsimg.com
2	ad-delivery.net	microsoftt-tems-download.com
2	btloader.com	microsoftt-tems-download.com
1	ad.doubleclick.net	microsoftt-tems-download.com
1	www.google.com	microsoftt-tems-download.com
20	7

This site contains no links.

Subject Issuer	Validity	Valid
microsoftt-tems-download.com WE1	`2024-06-17` - `2024-09-15`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
btloader.com WE1	`2024-08-10` - `2024-11-08`	3 months	crt.sh
*.wsimg.com Starfield Secure Certificate Authority - G2	`2023-09-19` - `2024-10-20`	a year	crt.sh
ad-delivery.net WE1	`2024-07-15` - `2024-10-13`	3 months	crt.sh
*.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.aws.parking.godaddy.com Go Daddy Secure Certificate Authority - G2	`2024-04-15` - `2025-05-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://microsoftt-tems-download.com/lander
Frame ID: 2A4D568A8F10A6250DE8DF572F1DF481
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://microsoftt-tems-download.com/ HTTP 307
https://microsoftt-tems-download.com/ Page URL
https://microsoftt-tems-download.com/cdn-cgi/phish-bypass?atok=nstBY4q27jrsjdSM3frHSIRsJBx5MU4vHjLTdomCzks-172375... HTTP 301
https://microsoftt-tems-download.com/ Page URL
https://microsoftt-tems-download.com/lander Page URL

Page Statistics

20
Requests

100 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

261 kB
Transfer

930 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://microsoftt-tems-download.com/ HTTP 307
https://microsoftt-tems-download.com/ Page URL
https://microsoftt-tems-download.com/cdn-cgi/phish-bypass?atok=nstBY4q27jrsjdSM3frHSIRsJBx5MU4vHjLTdomCzks-1723754360-0.0.1.1-%2F HTTP 301
https://microsoftt-tems-download.com/ Page URL
https://microsoftt-tems-download.com/lander Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://microsoftt-tems-download.com/ HTTP 307
https://microsoftt-tems-download.com/

Request Chain 4

https://microsoftt-tems-download.com/cdn-cgi/phish-bypass?atok=nstBY4q27jrsjdSM3frHSIRsJBx5MU4vHjLTdomCzks-1723754360-0.0.1.1-%2F HTTP 301
https://microsoftt-tems-download.com/

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
microsoftt-tems-download.com/
Redirect Chain

http://microsoftt-tems-download.com/
https://microsoftt-tems-download.com/

4 KB
2 KB

37ms
10ms

Document
text/html

2606:4700:3033::ac43:9a5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftt-tems-download.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:9a5c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efaed9834eb6db9f3acdd4ef57caa7276ed85dd20849c00d87b0aa52b506bb6f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-ray: 8b3bfe540f184364-EWR
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 15 Aug 2024 20:39:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4um4kJZF%2BNtqxjVhA0WZGKX2Hbu6RNPBkIU8kIXOuYrwhp6olC64ImEDNL2WnoTgV21v%2Boa1IDnV%2FNd91rrdTNeOmUnOB1A1JkF4ezVMFNZnSvKzMvQQBaYtyG2PL8KSHzlf5kXGzYZdXHpj7%2F%2FjplHBjph3DJORHMDM"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Location: https://microsoftt-tems-download.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 cf.errors.css
microsoftt-tems-download.com/cdn-cgi/styles/ 23 KB
5 KB 7ms
6ms Stylesheet
text/css 2606:4700:3033::ac43:9a5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftt-tems-download.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:9a5c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Aug 2024 15:29:31 GMT
server: cloudflare
etag: W/"66b635db-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8b3bfe546f714364-EWR
expires: Thu, 15 Aug 2024 22:39:21 GMT

GET
H3 200 icon-exclamation.png
microsoftt-tems-download.com/cdn-cgi/images/ 452 B
636 B 7ms
6ms Image
image/png 2606:4700:3033::ac43:9a5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftt-tems-download.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:9a5c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://microsoftt-tems-download.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:21 GMT
x-content-type-options: nosniff
last-modified: Fri, 09 Aug 2024 15:29:31 GMT
server: cloudflare
etag: "66b635db-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8b3bfe54afd34364-EWR
content-length: 452
expires: Thu, 15 Aug 2024 22:39:21 GMT

GET
H3 200 favicon.ico
microsoftt-tems-download.com/ 4 KB
2 KB 19ms
19ms Other
text/html 2606:4700:3033::ac43:9a5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftt-tems-download.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:9a5c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f50d35ff70e5bc929f5548650c93a9bd1c7e118aa94a89069d673bda675f5e1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:21 GMT
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1kFFs%2BI%2FaD04nCMtTLK5so28DYKoUJI0t%2FVeI9lCi8Fidz6mERPqVf7CoB59%2FprpcDSJU0LMpnDDj73t8SbX%2FBrP5u%2FjwecR01mmm55jgbnxoB3eeN9Gj223KVNGCNPUJhuxjwzPlOrTxFMu4qbYZLZFL2bRdB0KRBuA"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 8b3bfe54e8124364-EWR

GET
H2

200

/
microsoftt-tems-download.com/
Redirect Chain

https://microsoftt-tems-download.com/cdn-cgi/phish-bypass?atok=nstBY4q27jrsjdSM3frHSIRsJBx5MU4vHjLTdomCzks-1723754360-0.0.1.1-%2F
https://microsoftt-tems-download.com/

114 B
483 B

45ms
43ms

Document
text/html

2606:4700:3033::ac43:9a5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://microsoftt-tems-download.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:9a5c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://microsoftt-tems-download.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8b3bfee8f84b5e7f-EWR
content-encoding: br
content-type: text/html
date: Thu, 15 Aug 2024 20:39:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2FJoIVsAUvB8Jrh2LgNgtxon%2B46GB%2Bey8%2Fg%2BGDwBEnXX82EI%2FByzWLq3H1emg3%2FvCsE5CQspJ4axS99%2BTFPu%2BOUkQeZzSO4hXRudyrnqoh6dLgq3yVd3F8ERtX9SLlQANi17T9rfUo5LebpbcLUEpuRRAcyNKOR7m%2Fb%2B"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

cache-control: private, no-cache
cf-ray: 8b3bfee8e8365e7f-EWR
content-length: 167
content-type: text/html
date: Thu, 15 Aug 2024 20:39:44 GMT
location: https://microsoftt-tems-download.com/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 Primary Request lander Show response
microsoftt-tems-download.com/ 620 B
1 KB 56ms
56ms Document
text/html 2606:4700:3033::ac43:9a5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftt-tems-download.com/lander

Requested by

Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3033::ac43:9a5c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b749f1ab10d7d9edd5cf90bff429126194b9f3381eac0bce23b699f258ab7c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://microsoftt-tems-download.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=86400
cf-cache-status: DYNAMIC
cf-ray: 8b3bfee98f88c324-EWR
content-encoding: br
content-type: text/html
date: Thu, 15 Aug 2024 20:39:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ld%2FXBmVvEuDGCnGZg3%2BDf5Lx5%2Br2dnyUsEXPjmgfR56pxnB9xRENCthkDMcVNr5T6shCqLjfZe4ROS6EbCbFdrb6h1HhZKIlQJCV3R3VYogocyxDprx4tyttJ8nym0ATgLLkYsWtDulirPrNPb1Mti41TshqQeyJnRl9"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_WVW3OS0rk3JeMs/CepuqJR08R/RUuM9z8FrveFP95HjXUcsM/PX7EqFlHDGFtzXWAL/YaXdCA9qSsbFrHDtlzg
x-content-type-options: nosniff

GET
H3 200 caf.js Show response
www.google.com/adsense/domains/ 151 KB
54 KB 58ms
21ms Script
text/javascript 2607:f8b0:4006:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true

Requested by

Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b2f2f130d28339cad03ed664413168fda63e849e4409b7179a0cb183900b2c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "8484770446494511916"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://syndicatedsearch.goog>; rel="preconnect"
expires: Thu, 15 Aug 2024 20:39:44 GMT

GET
H2 200 tag Show response
btloader.com/ 56 KB
19 KB 58ms
22ms Script
application/javascript 2606:4700:10::6816:4ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5097926782615552&upapi=true
Requested by: Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 076b8a1e95bbaedcdfc8815d3c3bb73cfb7d9d53fca2b6ca98350c47cf04ae98

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:44 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 15 Aug 2024 20:23:58 GMT
server: cloudflare
age: 840
etag: "34b09e3279a427c15be09cd8874f379f"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges: bytes
cf-ray: 8b3bfeea2cdb32d9-EWR
content-length: 19032

GET
H2 200 main.44e3ce99.js Show response
img1.wsimg.com/parking-lander/static/js/ 629 KB
173 KB 13ms
12ms Script
application/javascript 23.209.72.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img1.wsimg.com/parking-lander/static/js/main.44e3ce99.js
Requested by: Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.209.72.200 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-209-72-200.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 894135c1d50ce986b659742ac87e03379222c507a85d5d78e2d63e4a2feab0cd

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: Ud8b43sjPjhANm.r_9yFiUaf3gvo_hjw
content-encoding: gzip
date: Thu, 15 Aug 2024 20:39:45 GMT
x-amz-request-id: BKMAJM35719GH457
x-amz-server-side-encryption: AES256
content-length: 176557
x-amz-id-2: UG/ggi9i9F2S5t6DJy8GzTRReiU2Zxv3m5YcNphxccWsmDMhkpwqGcUX/GcfLzksVdKmp57sVWNnJrI4Ob628A==
last-modified: Mon, 12 Aug 2024 21:32:55 GMT
etag: "dc17f34b710dca1e7c9a19df357e6e9e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Aug 2025 20:39:45 GMT

GET
H2 200 main.b04c2b5f.css
img1.wsimg.com/parking-lander/static/css/ 3 KB
1 KB 125ms
6ms Stylesheet
text/css 23.209.72.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img1.wsimg.com/parking-lander/static/css/main.b04c2b5f.css
Requested by: Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.209.72.200 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-209-72-200.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7747ef2dfda5ce0826a675d6e6aca3c1f30d6f44ab899b45efcd18b04e050055

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: RzXeenZTvJi.dxYORPdUng46OnM.KgPP
content-encoding: gzip
date: Thu, 15 Aug 2024 20:39:45 GMT
x-amz-request-id: BKM6763N3Z1EJ2E4
x-amz-server-side-encryption: AES256
content-length: 1003
x-amz-id-2: pDgoin/c0eaONBHgq+2gRAF7ja/+n5DmFrQt1FnI0uFtCjzaEdJfwy7hDxUgi10JsJlvadYArIuXeiXBXuUgBQ==
last-modified: Mon, 12 Aug 2024 21:32:59 GMT
etag: "5d48da9587ed5173cf3b747bc119b22d"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Aug 2025 20:39:45 GMT

GET
H2 200 tag
btloader.com/ 56 KB
64 B 15ms
13ms Other
application/javascript 2606:4700:10::6816:4ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5097926782615552&upapi=true
Requested by: Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 076b8a1e95bbaedcdfc8815d3c3bb73cfb7d9d53fca2b6ca98350c47cf04ae98

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:45 GMT
via: 1.1 google
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Aug 2024 20:23:58 GMT
server: cloudflare
age: 841
etag: "34b09e3279a427c15be09cd8874f379f"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges: bytes
cf-ray: 8b3bfeeacd3132d9-EWR
content-length: 19032

GET
H2 200 px.gif
ad-delivery.net/ 43 B
345 B 33ms
17ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:45 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1383307
x-guploader-uploadid: ABPtcPpGQj4M5XWsw0_afNd_e9OGg14LZRJ1uEm-mT1UqcHm2kBDuQd0t4vHO2_h4el5IlQxZBc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O3ZXThJejP%2FFSBAK0rdmjfvjg%2Fa7TmMkiMdZCzxS6WRQq%2FsJ9PtcxMvz3Xd4VeNF%2BNn2hdi%2BglFiFDdxSxKymyT0X1CASWvVGBgripHYscVziI%2FJGGf4T0jiytLvv%2Ba0se12qDE2qhZ%2BjX48pg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 8b3bfeeae9b8c46d-EWR
expires: Fri, 16 Aug 2024 20:39:45 GMT

GET
H3 200 favicon.ico
ad.doubleclick.net/ 1 KB
130 B 39ms
12ms Image
image/x-icon 172.217.165.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lax30s03-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Aug 2024 20:16:54 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
911 B 31ms
16ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.8185405394963221
Requested by: Host: microsoftt-tems-download.com
URL: https://microsoftt-tems-download.com/lander
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 15 Aug 2024 20:39:45 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1383307
x-guploader-uploadid: ABPtcPpGQj4M5XWsw0_afNd_e9OGg14LZRJ1uEm-mT1UqcHm2kBDuQd0t4vHO2_h4el5IlQxZBc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F4kTv0lnA%2FiNbJiqQDeubpsEiyxHluus3RF4o3%2F0QVO39N4TjDwNlsDjQZ0aLOw6bxd5ib45wdvGkdrQ50sqkw5K2W21NRlI%2BDwLvNskS6gCDUD6y5hffYWrrsruSdRDMMdjGYrukJHI36hbgg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 8b3bfeeae9bec46d-EWR
expires: Fri, 16 Aug 2024 20:39:45 GMT

GET
H2 200 px.js
img1.wsimg.com/parking-lander/ 0
0 17ms
6ms Fetch
application/javascript 23.209.72.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img1.wsimg.com/parking-lander/px.js?ch=1&abp=1&gdabp=true
Requested by: Host: img1.wsimg.com
URL: https://img1.wsimg.com/parking-lander/static/js/main.44e3ce99.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.209.72.200 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-209-72-200.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: VpOp5kH7xlZ8sBobCxe1ryeMkfP8S_g6
content-encoding: gzip
date: Thu, 15 Aug 2024 20:39:45 GMT
x-amz-request-id: 7MZ65DZQTDZBS739
x-amz-server-side-encryption: AES256
content-length: 20
x-amz-id-2: wZSSSgi4CyRxQeS/XfSPrKtxw7sWcP7ZrW2Z94Gjw+uioemn790xqXdJSh573TTRgrq4YG4gYRY=
last-modified: Mon, 05 Aug 2024 16:19:34 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Aug 2025 20:39:45 GMT

GET
H2 200 px.js
img1.wsimg.com/parking-lander/ 0
0 8ms
6ms Fetch
application/javascript 23.209.72.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img1.wsimg.com/parking-lander/px.js?ch=2&abp=2&gdabp=true
Requested by: Host: img1.wsimg.com
URL: https://img1.wsimg.com/parking-lander/static/js/main.44e3ce99.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.209.72.200 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-209-72-200.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: mGtaW_uL6.LKoIPLEuKOwSJiMqItag0X
content-encoding: gzip
date: Thu, 15 Aug 2024 20:39:45 GMT
x-amz-request-id: 469CBC5537HZ918Z
x-amz-server-side-encryption: AES256
content-length: 20
x-amz-id-2: j71Hbvw34wDuEmmA2giz1OUCGi3HMPq7eSMXH2lS7XXbDjiYOZBNiZTFWvs9Jq71RBcX2WidZLg=
last-modified: Fri, 02 Aug 2024 16:15:48 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Aug 2025 20:39:45 GMT

OPTIONS
H2 200 domain
api.aws.parking.godaddy.com/v1/domains/ 0
0 62ms
14ms Preflight 50.17.135.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.aws.parking.godaddy.com/v1/domains/domain?domain=microsoftt-tems-download.com&portfolioId=D6FD8B5F-DE1F-46CE-A960-95D34D9DA776&abp=1&gdabp=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.17.135.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-17-135-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-request-id
Access-Control-Request-Method: GET
Origin: https://microsoftt-tems-download.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Request-Id
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: https://microsoftt-tems-download.com
access-control-max-age: 600
content-length: 0
date: Thu, 15 Aug 2024 20:39:45 GMT
x-request-id: 5d6bn8bf

GET
H2 200 domain Show response
api.aws.parking.godaddy.com/v1/domains/ 214 B
740 B 16ms
16ms Fetch
application/json 50.17.135.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.aws.parking.godaddy.com/v1/domains/domain?domain=microsoftt-tems-download.com&portfolioId=D6FD8B5F-DE1F-46CE-A960-95D34D9DA776&abp=1&gdabp=true
Requested by: Host: img1.wsimg.com
URL: https://img1.wsimg.com/parking-lander/static/js/main.44e3ce99.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.17.135.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-17-135-148.compute-1.amazonaws.com
Software: /
Resource Hash: a08d08e8828cf5309f004e7b496e0569b636abf59bd93eda32bb8c17de5c46bf

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
X-Request-Id: 35082b61-033a-4e5d-b93e-6fe52e18b035

Response headers

access-control-allow-origin: https://microsoftt-tems-download.com
date: Thu, 15 Aug 2024 20:39:45 GMT
access-control-allow-credentials: true
content-length: 214
access-control-max-age: 600
x-request-id: 35082b61-033a-4e5d-b93e-6fe52e18b035
content-type: application/json

OPTIONS
H2 200 parkingEvents
api.aws.parking.godaddy.com/v1/ 0
0 12ms
11ms Preflight
text/plain 50.17.135.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.aws.parking.godaddy.com/v1/parkingEvents?abp=1&gdabp=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.17.135.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-17-135-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://microsoftt-tems-download.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
content-length: 0
content-type: text/plain
date: Thu, 15 Aug 2024 20:39:45 GMT

POST
H2 200 parkingEvents
api.aws.parking.godaddy.com/v1/ 0
0 16ms
14ms Fetch
text/plain 50.17.135.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.aws.parking.godaddy.com/v1/parkingEvents?abp=1&gdabp=true
Requested by: Host: img1.wsimg.com
URL: https://img1.wsimg.com/parking-lander/static/js/main.44e3ce99.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.17.135.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-17-135-148.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://microsoftt-tems-download.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 15 Aug 2024 20:39:45 GMT
content-length: 0
content-type: text/plain

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.microsoftt-tems-download.com/	1970-01-20 22:50:40	Name: __cf_mw_byp Value: nstBY4q27jrsjdSM3frHSIRsJBx5MU4vHjLTdomCzks-1723754360-0.0.1.1-/
microsoftt-tems-download.com/	1970-01-20 22:50:40	Name: expiry_partner Value: newfold.EXPIRED.D6FD8B5F-DE1F-46CE-A960-95D34D9DA776
microsoftt-tems-download.com/	1970-01-20 22:50:40	Name: caf_ipaddr Value: 162.158.62.187
microsoftt-tems-download.com/	1970-01-20 22:50:40	Name: country Value: US
microsoftt-tems-download.com/	1970-01-20 22:50:40	Name: city Value: East%20Rutherford
microsoftt-tems-download.com/	1970-01-20 22:50:40	Name: lander_type Value: parking-newfold
microsoftt-tems-download.com/	1970-01-21 07:34:50	Name: pvisitor Value: ce9aaa14-b411-4211-be88-6cfe4f78cbb4

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-delivery.net
ad.doubleclick.net
api.aws.parking.godaddy.com
btloader.com
img1.wsimg.com
microsoftt-tems-download.com
www.google.com
172.217.165.134
23.209.72.200
2606:4700:10::6816:4ad8
2606:4700:20::ac43:4513
2606:4700:3033::ac43:9a5c
2607:f8b0:4006:809::2004
50.17.135.148
076b8a1e95bbaedcdfc8815d3c3bb73cfb7d9d53fca2b6ca98350c47cf04ae98
2f50d35ff70e5bc929f5548650c93a9bd1c7e118aa94a89069d673bda675f5e1
3b749f1ab10d7d9edd5cf90bff429126194b9f3381eac0bce23b699f258ab7c5
4b2f2f130d28339cad03ed664413168fda63e849e4409b7179a0cb183900b2c4
7747ef2dfda5ce0826a675d6e6aca3c1f30d6f44ab899b45efcd18b04e050055
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
894135c1d50ce986b659742ac87e03379222c507a85d5d78e2d63e4a2feab0cd
a08d08e8828cf5309f004e7b496e0569b636abf59bd93eda32bb8c17de5c46bf
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
efaed9834eb6db9f3acdd4ef57caa7276ed85dd20849c00d87b0aa52b506bb6f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

microsoftt-tems-download.com Open in urlscan Pro 2606:4700:3033::ac43:9a5c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

20 Requests

100 %HTTPS

57 %IPv6

7 Domains

7 Subdomains

7 IPs

1 Countries

261 kBTransfer

930 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

7 Cookies

Security Headers

Indicators

microsoftt-tems-download.com Open in urlscan Pro
2606:4700:3033::ac43:9a5c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

261 kB
Transfer

930 kB
Size

7
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!