msft.hsprotect.net - urlscan.io

Summary

This website contacted 4 IPs in 2 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2a02:26f0:7100::213:c6fb, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is msft.hsprotect.net. The Cisco Umbrella rank of the primary domain is 81391.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 27th 2024. Valid for: a year.

This is the only time msft.hsprotect.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2a02:26f0:710... 2a02:26f0:7100::213:c6fb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:710... 2a02:26f0:7100::687e:25e3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.107.199.61 34.107.199.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
7	4

2 2a02:26f0:7100::213:c6fb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

msft.hsprotect.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::687e:25e3 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

client.hsprotect.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.199.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.199.107.34.bc.googleusercontent.com

stk.hsprotect.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxzc5j78di.hsprotect.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	hsprotect.net msft.hsprotect.net — Cisco Umbrella Rank: 81391 client.hsprotect.net — Cisco Umbrella Rank: 83000 stk.hsprotect.net — Cisco Umbrella Rank: 79076 collector-pxzc5j78di.hsprotect.net — Cisco Umbrella Rank: 84085	70 KB
7	1

	Domain	Requested by
3	collector-pxzc5j78di.hsprotect.net	client.hsprotect.net
2	msft.hsprotect.net
1	stk.hsprotect.net	client.hsprotect.net
1	client.hsprotect.net	msft.hsprotect.net
7	4

This site contains no links.

Subject Issuer	Validity	Valid
*.hsprotect.net DigiCert TLS RSA SHA256 2020 CA1	`2024-03-27` - `2025-03-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://msft.hsprotect.net/index.html
Frame ID: D051B1AE4E3C86A60AACA888B1916D9A
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Human Sensor Script Iframe

Page URL History Show full URLs

http://msft.hsprotect.net/index.html HTTP 307
https://msft.hsprotect.net/index.html Page URL

Detected technologies

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

4
Subdomains

4
IPs

2
Countries

70 kB
Transfer

156 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://msft.hsprotect.net/index.html HTTP 307
https://msft.hsprotect.net/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response msft.hsprotect.net/ Redirect Chain http://msft.hsprotect.net/index.html https://msft.hsprotect.net/index.html	1 KB 1 KB	245ms 162ms	Document text/html	2a02:26f0:7100::213:c6fb AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://msft.hsprotect.net/index.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100::213:c6fb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software UploadServer / Resource Hash `3b8d3c93fd78c24f4c175c8515e4a5df79aee536af4ced58ba078ea591569eac` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Alt-Svc h3=":443"; ma=93600 Cache-Control max-age=0 Connection keep-alive Content-Encoding gzip Content-Length 687 Content-Type text/html Date Mon, 21 Oct 2024 09:09:11 GMT ETag "5dc258f6742f6d22a4cd80f50926ed70" Expires Mon, 21 Oct 2024 09:09:11 GMT Last-Modified Thu, 06 Jun 2024 12:39:48 GMT Server UploadServer Vary Accept-Encoding X-GUploader-UploadID AD-8ljvpquCsDFCdYMhxuV93BNG9E0KdgKLeK5fw4U4cPUFizqPL3b_UKcSsBaG4vBm5pEvGCrdO7XocRA x-amz-checksum-crc32c 5beoRw== x-goog-generation 1717677588065406 x-goog-hash crc32c=5beoRw== x-goog-metageneration 2 x-goog-storage-class STANDARD x-goog-stored-content-encoding identity x-goog-stored-content-length 1233 Redirect headers Location https://msft.hsprotect.net/index.html Non-Authoritative-Reason HttpsUpgrades
GET H2	200	main.min.js Show response client.hsprotect.net/PXzC5j78di/	152 KB 64 KB	101ms 17ms	Script application/javascript	2a02:26f0:7100::687e:25e3 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://client.hsprotect.net/PXzC5j78di/main.min.js Requested by Host: msft.hsprotect.net URL: https://msft.hsprotect.net/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100::687e:25e3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software UploadServer / Resource Hash `035905771b393e9361f48a39c831aec9c9a690e3e45bc9bd27a4998dab6268cc` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://msft.hsprotect.net/ Response headers cache-control max-age=600 access-control-expose-headers active-cdn,x-served-by,Akamai-Request-BC content-encoding gzip etag "a04fecaee629bdc94bd88ad03d51e2a0" active-cdn Akamai expires Mon, 21 Oct 2024 09:11:38 GMT accept-ranges bytes access-control-allow-origin * content-length 65421 date Mon, 21 Oct 2024 09:09:11 GMT last-modified Mon, 21 Oct 2024 08:55:28 GMT content-type application/javascript; charset=utf-8 server UploadServer vary Accept-Encoding
GET H/1.1	200 OK	ns Show response stk.hsprotect.net/	350 B 484 B	129ms 33ms	XHR text/html	34.107.199.61 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://stk.hsprotect.net/ns?c=232ba130-8f8c-11ef-aca7-e72c6c80ab79 Requested by Host: client.hsprotect.net URL: https://client.hsprotect.net/PXzC5j78di/main.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.107.199.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 61.199.107.34.bc.googleusercontent.com Software / Resource Hash `5929df254f097221386d2cf4407aa2d66acb1dd632618891e194159c1681736f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://msft.hsprotect.net/ Response headers Access-Control-Allow-Origin * Content-Length 350 Date Mon, 21 Oct 2024 09:09:11 GMT Content-Type text/html
POST H2	200	msft Show response collector-pxzc5j78di.hsprotect.net/api/v2/	820 B 1 KB	249ms 180ms	XHR application/json	35.190.10.96 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://collector-pxzc5j78di.hsprotect.net/api/v2/msft Requested by Host: client.hsprotect.net URL: https://client.hsprotect.net/PXzC5j78di/main.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 96.10.190.35.bc.googleusercontent.com Software / Resource Hash `3cc3432a19585b9b2b1de0dccdaaa1cb28648eb374bccf49d96edd3d4af89cf7` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-type application/x-www-form-urlencoded Referer https://msft.hsprotect.net/ Response headers timing-allow-origin * access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE via 1.1 google access-control-allow-origin https://msft.hsprotect.net alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 820 date Mon, 21 Oct 2024 09:09:11 GMT content-type application/json; charset=utf-8
GET H/1.1	404 Not Found	favicon.ico msft.hsprotect.net/	198 B 548 B	226ms 226ms	Other application/xml	2a02:26f0:7100::213:c6fb AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://msft.hsprotect.net/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100::213:c6fb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software UploadServer / Resource Hash `874800ef3495a0af012aa1eee248a3a2ce891c7837f0864fe4d8883fe5438633` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://msft.hsprotect.net/index.html Response headers Cache-Control private, max-age=0 Connection keep-alive Expires Mon, 21 Oct 2024 09:09:12 GMT Content-Length 198 Date Mon, 21 Oct 2024 09:09:12 GMT Content-Type application/xml; charset=UTF-8 Server UploadServer X-GUploader-UploadID AHmUCY0y5aBGPA3CUSuI1rdiNGKE6WUerMRn5T14VmZIUUrQupXuxLSoSfEVHcQYS-lgh_tDP1c
POST H2	200	msft Show response collector-pxzc5j78di.hsprotect.net/api/v2/	932 B 988 B	201ms 198ms	XHR application/json	35.190.10.96 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://collector-pxzc5j78di.hsprotect.net/api/v2/msft Requested by Host: client.hsprotect.net URL: https://client.hsprotect.net/PXzC5j78di/main.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 96.10.190.35.bc.googleusercontent.com Software / Resource Hash `b487419b474c36d055d8fe9932b80ee0b8db81f9078f12e523ab8c16112bacee` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-type application/x-www-form-urlencoded Referer https://msft.hsprotect.net/ Response headers timing-allow-origin * access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE via 1.1 google access-control-allow-origin https://msft.hsprotect.net alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 932 date Mon, 21 Oct 2024 09:09:12 GMT content-type application/json; charset=utf-8
POST H3	200	msft Show response collector-pxzc5j78di.hsprotect.net/api/v2/	932 B 950 B	162ms 160ms	XHR application/json	35.190.10.96 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://collector-pxzc5j78di.hsprotect.net/api/v2/msft Requested by Host: client.hsprotect.net URL: https://client.hsprotect.net/PXzC5j78di/main.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 96.10.190.35.bc.googleusercontent.com Software / Resource Hash `2b38ba97723c4e208303c341ffb3339c25edccac85ec262ccc9e02e50f1b3b12` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Content-type application/x-www-form-urlencoded Referer https://msft.hsprotect.net/ Response headers timing-allow-origin * access-control-allow-credentials true access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE via 1.1 google access-control-allow-origin https://msft.hsprotect.net alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 932 date Mon, 21 Oct 2024 09:09:15 GMT content-type application/json; charset=utf-8

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsprotect.net/	1969-12-31 23:59:59	Name: pxcts Value: 2343e9bd-8f8c-11ef-adb5-174474785787
.hsprotect.net/	1970-01-21 09:10:37	Name: _pxvid Value: 2343df97-8f8c-11ef-adb4-25b81afa62c3
.hsprotect.net/	1970-01-21 00:25:02	Name: _px3 Value: 3b12cb639ad85b3dda9412458eea72b26f0af3a2590cefd4b29adf2cb8a28841:2MnUQpQd2olvpwbfiJaRdb6PmpIkX0u74Ax7z+dqicV8F7X+n0ZgAk1QYYldsfYdYNuVKURvcbpR+h8pv6BlcQ==:1000:HEAv33of92GuQ8IINK9UAMu8+/rW5SpdyrROcHaP5aUSVnM8b+tQ5NDDV5nUO8NKsuUaRsge2NU2eNfLDgHFx7QfQcYa1uYMYmImwnMQEJVJwEPHs7eKHF0Jo5ddIz+i3Xws9mLspFPPAZLNeMVgevMq2bdnTq4K6pjzYkTflvBP0uD2QwN9jaRm8JZNCEV2+r/UXJy0mZAx7wOPEWww+VOPywB7dnAia4uvZkMYtp0=
.hsprotect.net/	1970-01-21 00:25:02	Name: _pxde Value: 994924037270c86045a4aa2c2e1e2fb7cbe9ba3e2cfcb2d48fa453e71e973bb5:eyJ0aW1lc3RhbXAiOjE3Mjk1MDE3NTMxMDAsImZfa2IiOjAsImlwY19pZCI6W10sImluY19pZCI6WyJiZjNlM2M4YWY2NmI0MWZhYWYwMDNmN2I4YmY5MTYwMSJdfQ==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://msft.hsprotect.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

client.hsprotect.net
collector-pxzc5j78di.hsprotect.net
msft.hsprotect.net
stk.hsprotect.net
2a02:26f0:7100::213:c6fb
2a02:26f0:7100::687e:25e3
34.107.199.61
35.190.10.96
035905771b393e9361f48a39c831aec9c9a690e3e45bc9bd27a4998dab6268cc
2b38ba97723c4e208303c341ffb3339c25edccac85ec262ccc9e02e50f1b3b12
3b8d3c93fd78c24f4c175c8515e4a5df79aee536af4ced58ba078ea591569eac
3cc3432a19585b9b2b1de0dccdaaa1cb28648eb374bccf49d96edd3d4af89cf7
5929df254f097221386d2cf4407aa2d66acb1dd632618891e194159c1681736f
874800ef3495a0af012aa1eee248a3a2ce891c7837f0864fe4d8883fe5438633
b487419b474c36d055d8fe9932b80ee0b8db81f9078f12e523ab8c16112bacee

msft.hsprotect.net Open in urlscan Pro 2a02:26f0:7100::213:c6fb Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

50 %IPv6

1 Domains

4 Subdomains

4 IPs

2 Countries

70 kBTransfer

156 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

4 Cookies

1 Console Messages

Indicators

msft.hsprotect.net Open in urlscan Pro
2a02:26f0:7100::213:c6fb Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

4
Subdomains

4
IPs

2
Countries

70 kB
Transfer

156 kB
Size

4
Cookies

7 HTTP transactions
0 data transactions