login-microsoft-secure.vercel.app Open in urlscan Pro
76.76.21.93 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://t1z.li/test123
Effective URL:
https://login-microsoft-secure.vercel.app/
Submission: On November 13 via manual (November 13th 2024, 3:12:45 pm UTC) from DE — Scanned from DE

Summary HTTP 8 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 76.76.21.93, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is login-microsoft-secure.vercel.app.
TLS certificate: Issued by R11 on October 17th 2024. Valid for: 3 months.

This is the only time login-microsoft-secure.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	216.24.57.1 216.24.57.1	397273 (RENDER) (RENDER)
4	76.76.21.93 76.76.21.93	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
3	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
8	3

1 216.24.57.1 (United States) 1 redirects

ASN397273 (RENDER, US)

t1z.li	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.76.21.93 (Walnut, United States)

ASN16509 (AMAZON-02, US)

login-microsoft-secure.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

acctcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	vercel.app login-microsoft-secure.vercel.app	99 KB
3	msftauth.net acctcdn.msftauth.net — Cisco Umbrella Rank: 5526 aadcdn.msftauth.net — Cisco Umbrella Rank: 1273	4 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 55	1 KB
1	t1z.li 1 redirects t1z.li	339 B
8	4

	Domain	Requested by
4	login-microsoft-secure.vercel.app	login-microsoft-secure.vercel.app
2	acctcdn.msftauth.net	login-microsoft-secure.vercel.app
1	aadcdn.msftauth.net
1	fonts.googleapis.com	login-microsoft-secure.vercel.app
1	t1z.li	1 redirects
8	5

This site contains links to these domains. Also see Links.

Domain
login.live.com
login.microsoftonline.com
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
*.vercel.app R11	`2024-10-17` - `2025-01-15`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
identitycdn.msauth.net Microsoft Azure RSA TLS Issuing CA 04	`2024-06-07` - `2025-06-02`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login-microsoft-secure.vercel.app/
Frame ID: A9FF2386362BE2665560972A3547C051
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in | Microsoft

Page URL History Show full URLs

http://t1z.li/test123 HTTP 307
https://t1z.li/test123 HTTP 302
http://login-microsoft-secure.vercel.app/ HTTP 307
https://login-microsoft-secure.vercel.app/ Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

105 kB
Transfer

344 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://login.live.com/oauth20_authorize.srf?client_id=10fa57ef-4895-4ab2-872c-8c3613d4f7fb&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fwww.microsoft.com%2fcascadeauth%2faccount%2fsignin-oidc&response_type=code&state=CfDJ8O-wpFJKrbVKq8YvAg70sS8auqSo0e3u7jSVBKJzAF8BU2tcWJ229HbmPd-Ni_U7d9C38CPpukA2w6e_RKPqRUwDOICpI9_J6SPrSKhgvpX0G1gpaXNzoebbTWXIZBKHFMfBOk6eiGiqUicKGWYLsUvRapKRworTwlCVePwD9vdkwBxv311iGF4OTf0Dtai0g2xyIuqcWgo_qyi5-rsMqCv3jk6rwxx5o29vQVrdJeZ8LUjFsWFTUt63a7cKx9RHX4e8j1mFNvibMCBmqqWgw4owdUOkMPPQEEuREZ-YEV-lbYFXF7gZZzCW5sZOhxHfjdcGq5vbkEQGZUVXtjmZ1-LO3X9HDfFuw5yeaFgJEwSYWzDXwRy-kovBU6tiRCkIe8jkXgz7E0qB6fSDFAlUjdmzh1CEf2F1-YI0fL01V5wCf92TGxWVF_clzhFJVIwq6jqkcfZjSs6_OqkH-el1FPWJ7s5i_INt5jUYU6oWZyjsPTtHMl8Zcfk5yiZ11dJLUVGnFEQNf9BVAgVdxaLxIFcwEhb4_BsdkRwfkjRX3cYIgwvjPvGVZeY7LA1TcgdCGRZcMQRy2Hr3u_eiqXPwnWEcZU6rYkdegMYmn1ggt1LwXrfg6NupaQWEqbrySk7V8sAUYhM6tw6kOaphrJ1oLSE&response_mode=form_post&nonce=638546877852801188.YjIwOTY2NTEtY2YxMy00NmI2LWExNTQtOTYwNjM1YWEwZGRmYmEwNjY0NjYtNGFmMS00YWE3LTgzYzUtYjQ2MzAxNWZlYmRm&code_challenge=APkYWnSM4lVpgTB2Sr7eU_-2Vodx7kUReZor9iFaXuw&code_challenge_method=S256&x-client-SKU=ID_NET6_0&x-client-Ver=7.6.0.0&uaid=f8538361c7564345a84094e3afd17394&msproxy=1&issuer=mso&tenant=common&ui_locales=en-US&client_info=1&signup=1&lw=1&fl=easi2&epct=PAQABDgEAAAApTwJmzXqdR4BN2miheQMYgKCxAwcsRQdNZAaiF_LgD1dEkXs-PdNQ_TFMRNfzVwpu-Z3Ii1oANbEyQO-lHh0rVeZ12Ov719EGenlMxsvagMDHO1IfDeDkNO1lv48F4pcDWQ_ojl4Fhz0tp3XISszooHd2U11qgeqYP3QuW9OSBiCFfYSh6PbnkPSXcmbbtP3yu2VVcMK2zCGNOCUrKX_Hvm_Wm9sf8g0wIyCfqxHmGSAA&jshs=0&claims=%7b%22compact%22%3a%7b%22name%22%3a%7b%22essential%22%3atrue%7d%7d%7d
Title: Create one!

Search URL Search Domain Scan URL

URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=10fa57ef-4895-4ab2-872c-8c3613d4f7fb&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2Fcascadeauth%2Faccount%2Fsignin-oidc&response_type=code&prompt=&scope=openid%20profile%20offline_access&code_challenge=N6_wU0oc3wwm1gUes6nMijrdkKYhobSMvy-ur5PdhoU&code_challenge_method=S256&response_mode=form_post&nonce=638546877852801188.YjIwOTY2NTEtY2YxMy00NmI2LWExNTQtOTYwNjM1YWEwZGRmYmEwNjY0NjYtNGFmMS00YWE3LTgzYzUtYjQ2MzAxNWZlYmRm&client_info=1&x-client-brkrver=IDWeb.2.19.0.0&lc=1033&claims=%7B%22compact%22%3A%7B%22name%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&state=CfDJ8O-wpFJKrbVKq8YvAg70sS8auqSo0e3u7jSVBKJzAF8BU2tcWJ229HbmPd-Ni_U7d9C38CPpukA2w6e_RKPqRUwDOICpI9_J6SPrSKhgvpX0G1gpaXNzoebbTWXIZBKHFMfBOk6eiGiqUicKGWYLsUvRapKRworTwlCVePwD9vdkwBxv311iGF4OTf0Dtai0g2xyIuqcWgo_qyi5-rsMqCv3jk6rwxx5o29vQVrdJeZ8LUjFsWFTUt63a7cKx9RHX4e8j1mFNvibMCBmqqWgw4owdUOkMPPQEEuREZ-YEV-lbYFXF7gZZzCW5sZOhxHfjdcGq5vbkEQGZUVXtjmZ1-LO3X9HDfFuw5yeaFgJEwSYWzDXwRy-kovBU6tiRCkIe8jkXgz7E0qB6fSDFAlUjdmzh1CEf2F1-YI0fL01V5wCf92TGxWVF_clzhFJVIwq6jqkcfZjSs6_OqkH-el1FPWJ7s5i_INt5jUYU6oWZyjsPTtHMl8Zcfk5yiZ11dJLUVGnFEQNf9BVAgVdxaLxIFcwEhb4_BsdkRwfkjRX3cYIgwvjPvGVZeY7LA1TcgdCGRZcMQRy2Hr3u_eiqXPwnWEcZU6rYkdegMYmn1ggt1LwXrfg6NupaQWEqbrySk7V8sAUYhM6tw6kOaphrJ1oLSE&x-client-SKU=ID_NET6_0&x-client-ver=7.6.0.0
Title: Can't access your account?

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://t1z.li/test123 HTTP 307
https://t1z.li/test123 HTTP 302
http://login-microsoft-secure.vercel.app/ HTTP 307
https://login-microsoft-secure.vercel.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
login-microsoft-secure.vercel.app/
Redirect Chain

http://t1z.li/test123
https://t1z.li/test123
http://login-microsoft-secure.vercel.app/
https://login-microsoft-secure.vercel.app/

655 B
976 B

137ms
23ms

Document
text/html

76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://login-microsoft-secure.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fed62ab2e747f636863ea430ee7a58ea896aecf88c9fa8901fabee11f14da387

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 4294780
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-length: 655
content-type: text/html; charset=utf-8
date: Wed, 13 Nov 2024 15:12:35 GMT
etag: "9eb4628fb9dbda8499d56a5a67b77778"
last-modified: Tue, 24 Sep 2024 22:12:54 GMT
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-vercel-cache: HIT
x-vercel-id: fra1::f5d95-1731510755183-348f1b68fa41

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://login-microsoft-secure.vercel.app/
Non-Authoritative-Reason: HSTS

GET
H2 200 css2
fonts.googleapis.com/ 29 KB
1 KB 162ms
7ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Nunito:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: login-microsoft-secure.vercel.app
URL: https://login-microsoft-secure.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

43377aa6dbf576c39268b74a68e1451f5c30483ae93d4641d4d19f16a5c8de85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://login-microsoft-secure.vercel.app/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 13 Nov 2024 15:12:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 13 Nov 2024 15:12:35 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 13 Nov 2024 15:10:36 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 main.aec6fb68.js Show response
login-microsoft-secure.vercel.app/static/js/ 289 KB
88 KB 95ms
93ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://login-microsoft-secure.vercel.app/static/js/main.aec6fb68.js

Requested by

Host: login-microsoft-secure.vercel.app
URL: https://login-microsoft-secure.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

aa8edd1575c455e35c778fe4087fe4b3b5ee145300208e247231184ad3477a16

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://login-microsoft-secure.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"0d8bab9073d46f9c934cf9f83ccffea5"
age: 4294780
access-control-allow-origin: *
date: Wed, 13 Nov 2024 15:12:35 GMT
content-disposition: inline; filename="main.aec6fb68.js"
content-type: application/javascript; charset=utf-8
server: Vercel
last-modified: Tue, 24 Sep 2024 22:12:54 GMT
x-vercel-id: fra1::sg2xr-1731510755324-957fbb99bad3

GET
H2 200 main.8775f43e.css
login-microsoft-secure.vercel.app/static/css/ 11 KB
2 KB 103ms
102ms Stylesheet
text/css 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://login-microsoft-secure.vercel.app/static/css/main.8775f43e.css

Requested by

Host: login-microsoft-secure.vercel.app
URL: https://login-microsoft-secure.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d91d4259fcdf89b6db56f632beea1c2fbe714b294db8230fbe60908a2c3d7d08

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://login-microsoft-secure.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: s-maxage=31536000, immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"4c7e21f8914e5a801ecb655b3b42d2ef"
age: 120707
access-control-allow-origin: *
date: Wed, 13 Nov 2024 15:12:35 GMT
content-disposition: inline; filename="main.8775f43e.css"
content-type: text/css; charset=utf-8
server: Vercel
last-modified: Tue, 12 Nov 2024 05:40:48 GMT
x-vercel-id: fra1::f5d95-1731510755324-04b671f78ab1

GET
H2 200 microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
acctcdn.msftauth.net/images/ 4 KB
2 KB 120ms
13ms Image
image/svg+xml 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://acctcdn.msftauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CA7) /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://login-microsoft-secure.vercel.app/

Response headers

content-md5: nzaLxFgP7ZB3dfMcaybWzw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8DD007E6445A20B
age: 300852
x-ms-version: 2009-09-19
x-cache: HIT
date: Wed, 13 Nov 2024 15:12:35 GMT
content-type: image/svg+xml
last-modified: Sat, 09 Nov 2024 05:21:40 GMT
vary: Accept-Encoding
cache-control: public, max-age=604800
x-ms-request-id: 0148bc56-e01e-00a4-1d21-33c38a000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1435
x-ms-blob-type: BlockBlob
server: ECAcc (frc/4CA7)

GET
H2 200 signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 2 KB
1 KB 116ms
13ms Image
image/svg+xml 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CA2) /
Resource Hash: 8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://login-microsoft-secure.vercel.app/

Response headers

content-md5: R2FAVxfpONfnQAuxVxXbHg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8DB5C3F4BB4F03C
age: 20259156
x-ms-version: 2009-09-19
x-cache: HIT
date: Wed, 13 Nov 2024 15:12:35 GMT
content-type: image/svg+xml
last-modified: Wed, 24 May 2023 10:11:52 GMT
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-ms-request-id: cc0763e7-101e-0082-0a9c-7d5b77000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 621
x-ms-blob-type: BlockBlob
server: ECAcc (frc/4CA2)

GET
H2 200 2_vD0yppaJX3jBnfbHF1hqXQ2.svg
acctcdn.msftauth.net/images/ 2 KB
823 B 116ms
12ms Image
image/svg+xml 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://acctcdn.msftauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Requested by: Host: login-microsoft-secure.vercel.app
URL: https://login-microsoft-secure.vercel.app/static/css/main.8775f43e.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD0) /
Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://login-microsoft-secure.vercel.app/

Response headers

content-md5: DhdidjYrlCeaRJJRG/y9mA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-lease-status: unlocked
etag: 0x8DD007E5A0D94B5
age: 300564
x-ms-version: 2009-09-19
x-cache: HIT
date: Wed, 13 Nov 2024 15:12:35 GMT
content-type: image/svg+xml
last-modified: Sat, 09 Nov 2024 05:21:23 GMT
vary: Accept-Encoding
cache-control: public, max-age=604800
x-ms-request-id: beab4a7f-001e-00f1-6d22-33d301000000
accept-ranges: bytes
access-control-allow-origin: *
content-length: 673
x-ms-blob-type: BlockBlob
server: ECAcc (frc/4CD0)

GET
H2 200 favicon.png
login-microsoft-secure.vercel.app/ 8 KB
8 KB 42ms
30ms Other
image/png 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://login-microsoft-secure.vercel.app/favicon.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

afdc1f7760853922149412e2c3290b5c6c36321ff2ac6ac82fbae2368471ccc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://login-microsoft-secure.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=0, must-revalidate
x-vercel-cache: HIT
etag: "1e1786d59d49a9a0328ac1318d0c8148"
age: 20940
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8361
date: Wed, 13 Nov 2024 15:12:35 GMT
content-disposition: inline; filename="favicon.png"
content-type: image/png
server: Vercel
last-modified: Wed, 13 Nov 2024 09:23:35 GMT
x-vercel-id: fra1::d8848-1731510755800-2d860bebbb63

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkmsproject string| __reactRouterVersion

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
acctcdn.msftauth.net
fonts.googleapis.com
login-microsoft-secure.vercel.app
t1z.li
216.24.57.1
2606:2800:233:1cb7:261b:1f9c:2074:3c
2a00:1450:4001:829::200a
76.76.21.93
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
43377aa6dbf576c39268b74a68e1451f5c30483ae93d4641d4d19f16a5c8de85
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
aa8edd1575c455e35c778fe4087fe4b3b5ee145300208e247231184ad3477a16
afdc1f7760853922149412e2c3290b5c6c36321ff2ac6ac82fbae2368471ccc6
d91d4259fcdf89b6db56f632beea1c2fbe714b294db8230fbe60908a2c3d7d08
fed62ab2e747f636863ea430ee7a58ea896aecf88c9fa8901fabee11f14da387

login-microsoft-secure.vercel.app Open in urlscan Pro 76.76.21.93 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

50 %IPv6

4 Domains

5 Subdomains

3 IPs

2 Countries

105 kBTransfer

344 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

login-microsoft-secure.vercel.app Open in urlscan Pro
76.76.21.93 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

3
IPs

2
Countries

105 kB
Transfer

344 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!