urlscan.io logo urlscan.io
SecurityTrails logo

micros0ft.shop Open in urlscan Pro
92.204.221.10  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://micros0ft.shop/
Submission: On June 08 via api from US — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 17 HTTP transactions. The main IP is 92.204.221.10, located in Strasbourg, France and belongs to GODADDY-SXB, DE. The main domain is micros0ft.shop.
TLS certificate: Issued by R3 on May 11th 2024. Valid for: 3 months.
This is the only time micros0ft.shop was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 92.204.221.10 21499 (GODADDY-SXB)
7 2606:2800:233... 15133 (EDGECAST)
1 2 23.38.98.114 20940 (AKAMAI-ASN1)
2 2a02:26f0:310... 20940 (AKAMAI-ASN1)
4 2a02:26f0:310... 20940 (AKAMAI-ASN1)
2 20.42.73.24 8075 (MICROSOFT...)
17 6
1    92.204.221.10 (Strasbourg, France)

ASN21499 (GODADDY-SXB, DE)
PTR: 10.221.204.92.host.secureserver.net
micros0ft.shop
7    2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)
logincdn.msftauth.net
2    23.38.98.114 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-38-98-114.deploy.static.akamaitechnologies.com
img1.wsimg.com
2    2a02:26f0:3100::210:6e79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
events.api.secureserver.net
4    2a02:26f0:3100:38e::228b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
csp.secureserver.net
2    20.42.73.24 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com
Apex Domain
Subdomains		 Transfer
7 msftauth.net
logincdn.msftauth.net — Cisco Umbrella Rank: 4269
299 KB
6 secureserver.net
events.api.secureserver.net — Cisco Umbrella Rank: 14156
csp.secureserver.net — Cisco Umbrella Rank: 14307
562 B
2 microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 107
758 B
2 wsimg.com
img1.wsimg.com — Cisco Umbrella Rank: 10882
21 KB
1 micros0ft.shop
micros0ft.shop
11 KB
17 5
Domain Requested by
7 logincdn.msftauth.net micros0ft.shop
logincdn.msftauth.net
4 csp.secureserver.net img1.wsimg.com
2 browser.events.data.microsoft.com logincdn.msftauth.net
2 events.api.secureserver.net img1.wsimg.com
2 img1.wsimg.com 1 redirects micros0ft.shop
1 micros0ft.shop
17 6

This site contains links to these domains. Also see Links.

Domain
login.live.com
Subject Issuer Validity Valid
www.micros0ft.shop
R3		 2024-05-11 -
2024-08-09		 3 months crt.sh
identitycdn.msauth.net
Microsoft Azure RSA TLS Issuing CA 04		 2024-06-07 -
2025-06-02		 a year crt.sh
*.api.secureserver.net
Starfield Secure Certificate Authority - G2		 2023-07-10 -
2024-08-10		 a year crt.sh
*.secureserver.net
Starfield Secure Certificate Authority - G2		 2023-10-10 -
2024-11-10		 a year crt.sh
*.events.data.microsoft.com
Microsoft Azure RSA TLS Issuing CA 07		 2024-03-31 -
2025-03-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://micros0ft.shop/
Frame ID: 1062EF9CBDAA0F89C24A6AFFE54CD7F9
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to Outlook

Page Statistics

17
Requests

94 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

332 kB
Transfer

1150 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
  • https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
micros0ft.shop/ 		30 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://micros0ft.shop/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
92.204.221.10 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS
10.221.204.92.host.secureserver.net
Software
Apache /
Resource Hash
79eec6152bad51dc34c5956a35a1ceedff83247f1ee6cdeb38efd5e8c1c6dd79

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
content-encoding
br
content-length
10961
content-type
text/html
date
Sat, 08 Jun 2024 16:41:22 GMT
etag
"6f04fa2-74b0-6182cc796abe5-br"
last-modified
Sat, 11 May 2024 12:27:46 GMT
server
Apache
vary
Accept-Encoding
login_en_1cVzCBHvh3SPpo0O3t4SnQ2.js
logincdn.msftauth.net/shared/5/js/ 		882 KB
224 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://logincdn.msftauth.net/shared/5/js/login_en_1cVzCBHvh3SPpo0O3t4SnQ2.js
Requested by
Host: micros0ft.shop
URL: https://micros0ft.shop/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (paa/6F8A) /
Resource Hash
0be6bac721fbbceda14c3a1cb5003853f25a9c6d1fd61fd1357b9efd3947ec06

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Origin
https://micros0ft.shop
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 08 Jun 2024 16:41:22 GMT
content-encoding
gzip
content-md5
PPepeeFuO/VM6Lkm6l8EKg==
age
3131137
x-cache
HIT
content-length
229109
x-ms-lease-status
unlocked
last-modified
Tue, 30 Apr 2024 03:09:58 GMT
server
ECAcc (paa/6F8A)
etag
0x8DC68C3046AE61B
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
eb552b65-601e-00c9-7548-9dad71000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
scc-c2.min.js
img1.wsimg.com/signals/js/clients/scc-c2/
Redirect Chain
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js
  • https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
105 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
Requested by
Host: micros0ft.shop
URL: https://micros0ft.shop/
Protocol
H2
Server
23.38.98.114 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-38-98-114.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8f7092c94ef904c57584706cdb5f1fd9fe1efce52ce3105e99b9a7def487f09f

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://micros0ft.shop/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

x-amz-version-id
VDVeY4oO8ClQrknn.k4OgPWK0heF1LAr
content-encoding
gzip
date
Sat, 08 Jun 2024 16:41:22 GMT
x-amz-request-id
YZ7SGDZDGX67DBSN
x-amz-server-side-encryption
AES256
x-amz-meta-version
0.4.0
content-length
20848
x-amz-id-2
/qG+3U5faooB5kxZoHvImH3nBhU4yiJkA7qYM2c8/iH4+1h2iVH+zv3Ina1/O2XL7Wq215FT8zA=
last-modified
Fri, 17 May 2024 22:31:26 GMT
etag
"ace51bdb3b35a6b66c74fa115d4caa3f"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 08 Jun 2024 17:11:22 GMT

Redirect headers

location
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
access-control-allow-origin
*
date
Sat, 08 Jun 2024 16:41:22 GMT
cache-control
max-age=31536000
timing-allow-origin
*
content-length
0
expires
Sun, 08 Jun 2025 16:41:22 GMT
oneds-analytics-js_54b1724af1b05e2ba3db_en.js
logincdn.msftauth.net/shared/5/chunks/ 		89 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js
Requested by
Host: logincdn.msftauth.net
URL: https://logincdn.msftauth.net/shared/5/js/login_en_1cVzCBHvh3SPpo0O3t4SnQ2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (paa/6F04) /
Resource Hash
d755d7ce744425dee51a3bd8cba9b2a789d96c584c9958082b557feb70f226d9

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Origin
https://micros0ft.shop
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 08 Jun 2024 16:41:22 GMT
content-encoding
gzip
content-md5
Hlt2WzLF9llz2DXp7j6/IA==
age
5783627
x-cache
HIT
content-length
32821
x-ms-lease-status
unlocked
last-modified
Sat, 30 Mar 2024 01:20:24 GMT
server
ECAcc (paa/6F04)
etag
0x8DC5057934D08E4
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ee447bcf-b01e-00cc-4428-852a7b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
53_8b36337037cff88c3df2.png
logincdn.msftauth.net/shared/5/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logincdn.msftauth.net/shared/5/images/53_8b36337037cff88c3df2.png
Requested by
Host: micros0ft.shop
URL: https://micros0ft.shop/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (paa/6F16) /
Resource Hash
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 08 Jun 2024 16:41:22 GMT
content-md5
izYzcDfP+Iw98gO7c9WOQQ==
age
6530861
x-cache
HIT
content-length
5139
x-ms-lease-status
unlocked
last-modified
Tue, 27 Jun 2023 15:45:10 GMT
server
ECAcc (paa/6F16)
etag
0x8DB77257DAC6DE4
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
69d7fcb5-b01e-00a4-2b5c-7e3048000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
microsoft_logo_ee5c8d9fb6248c938fd0.svg
logincdn.msftauth.net/shared/5/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Requested by
Host: micros0ft.shop
URL: https://micros0ft.shop/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (paa/6F69) /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 08 Jun 2024 16:41:22 GMT
content-encoding
gzip
content-md5
nzaLxFgP7ZB3dfMcaybWzw==
age
6530905
x-cache
HIT
content-length
1435
x-ms-lease-status
unlocked
last-modified
Tue, 27 Jun 2023 15:45:14 GMT
server
ECAcc (paa/6F69)
etag
0x8DB77257FFE6B4E
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
651ffdcf-f01e-0060-585c-7e1804000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
49_7916a894ebde7d29c2cc.jpg
logincdn.msftauth.net/shared/5/images/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logincdn.msftauth.net/shared/5/images/49_7916a894ebde7d29c2cc.jpg
Requested by
Host: micros0ft.shop
URL: https://micros0ft.shop/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (paa/6F42) /
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 08 Jun 2024 16:41:22 GMT
content-md5
eRaolOvefSnCzCmyZ/Epnw==
age
6530952
x-cache
HIT
content-length
17453
x-ms-lease-status
unlocked
last-modified
Tue, 27 Jun 2023 15:45:10 GMT
server
ECAcc (paa/6F42)
etag
0x8DB77257D73DA02
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
b5a49ba0-f01e-005c-255c-7ecd0c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
event
events.api.secureserver.net/t/1/tl/ 		43 B
281 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://events.api.secureserver.net/t/1/tl/event?dh=micros0ft.shop&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F125.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=0.4.0&vg=c4c43401-7713-4791-b025-4cbf10483110&vtg=c4c43401-7713-4791-b025-4cbf10483110&dp=%2F&trace_id=1bece1f39a6a453883f9c99525725e93&cts=2024-06-08T16%3A41%3A22.609Z&hit_id=dbb76731-0240-486e-81c7-c5d47b59e1bb&ht=pageview&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22sxb1plzcpnl440006%22%2C%22dcenter%22%3A%22sxb1%22%2C%22cp_id%22%3A%229877106%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=1564777404&z=1175268078
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3100::210:6e79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
date
Sat, 08 Jun 2024 16:41:22 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://micros0ft.shop
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block
event
events.api.secureserver.net/t/1/tl/ 		43 B
281 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://events.api.secureserver.net/t/1/tl/event?dh=micros0ft.shop&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F125.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=0.4.0&vg=c4c43401-7713-4791-b025-4cbf10483110&vtg=c4c43401-7713-4791-b025-4cbf10483110&dp=%2F&trace_id=1bece1f39a6a453883f9c99525725e93&cts=2024-06-08T16%3A41%3A22.689Z&hit_id=8cdab75d-fd4e-4b42-a53c-065a0423a9c6&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22sxb1plzcpnl440006%22%2C%22dcenter%22%3A%22sxb1%22%2C%22cp_id%22%3A%229877106%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=1564777404&z=1888271830&tce=1717864882249&tcs=1717864882181&tdc=1717864882680&tdclee=1717864882624&tdcles=1717864882624&tdi=1717864882624&tdl=1717864882295&tdle=1717864882181&tdls=1717864882181&tfs=1717864882170&tns=1717864882170&trqs=1717864882249&tre=1717864882291&trps=1717864882290&tles=1717864882680&tlee=0&nt=navigate&LCP=163&nav_type=hard
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3100::210:6e79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
date
Sat, 08 Jun 2024 16:41:22 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
https://micros0ft.shop
cache-control
private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
43
x-xss-protection
1; mode=block
favicon.ico
logincdn.msftauth.net/16.000.30208.15/images/ 		17 KB
17 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://logincdn.msftauth.net/16.000.30208.15/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (paa/6F35) /
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 08 Jun 2024 16:41:22 GMT
content-md5
EuPayFgGHQiAI7K9SOL6lg==
age
238376
x-cache
HIT
content-length
17174
x-ms-lease-status
unlocked
last-modified
Mon, 29 Apr 2024 22:42:22 GMT
server
ECAcc (paa/6F35)
etag
0x8DC689DA2847E92
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
770f7f6c-801e-0083-6297-b77075000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
signin_options_4e48046ce74f4b89d450.svg
logincdn.msftauth.net/shared/5/images/ 		2 KB
772 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (paa/6F6D) /
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://micros0ft.shop/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 08 Jun 2024 16:41:22 GMT
content-encoding
gzip
content-md5
R2FAVxfpONfnQAuxVxXbHg==
age
6530945
x-cache
HIT
content-length
621
x-ms-lease-status
unlocked
last-modified
Tue, 27 Jun 2023 15:45:19 GMT
server
ECAcc (paa/6F6D)
etag
0x8DB772582D4527C
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
67a2d170-001e-00f3-205c-7e8275000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
eventbus
csp.secureserver.net/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://csp.secureserver.net/eventbus
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3100:38e::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://micros0ft.shop
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type,authorization
Access-Control-Allow-Methods
OPTIONS,POST
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Content-Type
application/json
Date
Sat, 08 Jun 2024 16:41:23 GMT
Expires
Sat, 08 Jun 2024 16:41:23 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id
ZDp0CF1zIAMEP2A=
x-amzn-requestid
b73359b3-d8e6-461d-8731-83c0e9ce1e98
x-amzn-trace-id
Root=1-666489b3-70b636872f0e2b0a36776c12
x-envoy-upstream-service-time
7
eventbus
csp.secureserver.net/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://csp.secureserver.net/eventbus
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3100:38e::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
api-key b18ef4f046435b64a469b32c3c1c20a3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://micros0ft.shop/
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 08 Jun 2024 16:41:23 GMT
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id
Root=1-666489b3-49e7ee3e1d3bf1e51bfc16ed
x-amzn-requestid
5aaa5b90-212e-4c21-9a6e-c7bede76882d
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
x-envoy-upstream-service-time
104
Connection
keep-alive
x-amz-apigw-id
ZDp0DHkzIAMEDAA=
Content-Length
0
Expires
Sat, 08 Jun 2024 16:41:23 GMT
eventbus
csp.secureserver.net/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://csp.secureserver.net/eventbus
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3100:38e::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
api-key 8da2217409854bee82e12dc4ca0b39fb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://micros0ft.shop/
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sat, 08 Jun 2024 16:41:23 GMT
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id
Root=1-666489b3-584071d000640c3252cea251
x-amzn-requestid
fdccdb3e-e4a6-49f1-9b16-fee60d9d3ae5
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
x-envoy-upstream-service-time
112
Connection
keep-alive
x-amz-apigw-id
ZDp0DEHGIAMEKZg=
Content-Length
0
Expires
Sat, 08 Jun 2024 16:41:23 GMT
eventbus
csp.secureserver.net/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://csp.secureserver.net/eventbus
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3100:38e::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://micros0ft.shop
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type,authorization
Access-Control-Allow-Methods
OPTIONS,POST
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Content-Type
application/json
Date
Sat, 08 Jun 2024 16:41:23 GMT
Expires
Sat, 08 Jun 2024 16:41:23 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id
ZDp0CFXBIAMEq8Q=
x-amzn-requestid
345b6b2c-6a93-4df7-977c-6544a31bf0b8
x-amzn-trace-id
Root=1-666489b3-1162088f7fc12d724cf86cb7
x-envoy-upstream-service-time
5
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		153 B
758 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: logincdn.msftauth.net
URL: https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.42.73.24 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
d7a4d6af0b30bd12214cfb79f8d00885114a11cddc7058372c42fe9619a47b64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
upload-time
1717864884935
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
client-version
1DS-Web-JS-3.2.15
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://micros0ft.shop/
apikey
69adc3c768bd4dc08c19416121249fcc-66f1668a-797b-4249-95e3-6c6651768c28-7293
Client-Id
NO_AUTH
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 08 Jun 2024 16:41:25 GMT
server
Microsoft-HTTPAPI/2.0
time-delta-millis
928
access-control-allow-methods
POST
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-type
application/json
access-control-allow-origin
https://micros0ft.shop
access-control-expose-headers
time-delta-millis
access-control-allow-credentials
true
access-control-allow-headers
P3P,Set-Cookie,time-delta-millis
content-length
153
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.42.73.24 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://micros0ft.shop
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://micros0ft.shop
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Sat, 08 Jun 2024 16:41:24 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| PROOF object| ServerData function| $Loader object| g_dtFirstByte object| g_objPageMode number| g_iSRSFailed string| g_sSRSSuccess function| SRSRetry object| webpackChunk_msidentity_sisu_msa function| clearImmediate function| setImmediate object| regeneratorRuntime object| _trfd object| _tcclInternal object| _expDataLayer object| _signalsDataLayer object| scc-c2 object| __dynProto$Gbl object| _trfq

8 Cookies

Domain/Path Name / Value
.micros0ft.shop/ Name: _tccl_visitor
Value: c4c43401-7713-4791-b025-4cbf10483110
.micros0ft.shop/ Name: _tccl_visit
Value: c4c43401-7713-4791-b025-4cbf10483110
.micros0ft.shop/ Name: _scc_session
Value: pc=1&C_TOUCH=2024-06-08T16:41:22.608Z
micros0ft.shop/ Name: MicrosoftApplicationsTelemetryDeviceId
Value: bb5570f1-2a7b-476d-bb40-4f5ae6807db5
micros0ft.shop/ Name: ai_session
Value: j43a98F9p2lH4AXeD5NITj|1717864882932|1717864882932
.microsoft.com/ Name: MC1
Value: GUID=df04af31b3984923a2010ff20748e701&HASH=df04&LV=202406&V=4&LU=1717864885863
.microsoft.com/ Name: MS0
Value: 8801ee2a0b314a0e9c641182665d0170
micros0ft.shop/ Name: MSFPC
Value: GUID=df04af31b3984923a2010ff20748e701&HASH=df04&LV=202406&V=4&LU=1717864885863

2 Console Messages

Source Level URL
Text
other warning URL: https://micros0ft.shop/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://micros0ft.shop/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.