security-9c07.rnicrosoft-login.com
2a00:1450:4001:831::2013
Malicious Activity!
Public Scan
Submission: On June 17 via api from CZ — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 22nd 2024. Valid for: 3 months.
This is the only time security-9c07.rnicrosoft-login.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 | 2a00:1450:4001:831::2013 | 15169 (GOOGLE)
4 | 2a04:4e42::485 | 54113 (FASTLY)
1 | 40.114.178.124 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
6 | 4 |

ASN15169 (GOOGLE, US): security-9c07.rnicrosoft-login.com
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): icons.duckduckgo.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 373) | 668 KB
1 | duckduckgo.com | icons.duckduckgo.com (Cisco Umbrella Rank: 154536) | 2 KB
1 | rnicrosoft-login.com | security-9c07.rnicrosoft-login.com | 67 KB
6 | 3 | |
# | Domain | Requested by
---|---|---
4 | cdn.jsdelivr.net | security-9c07.rnicrosoft-login.com
1 | icons.duckduckgo.com |
1 | security-9c07.rnicrosoft-login.com |
6 | 3 |
This site contains links to these domains. Also see Links.
Domain
---
www.microsoft.com
privacy.microsoft.com
Subject | Issuer | Validity | Valid
---|---|---|---
rnicrosoft-login.com | R3 | 2024-04-22 - 2024-07-21 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-09-27 - 2024-10-28 | a year
*.duckduckgo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-05-02 - 2024-11-25 | 7 months
This page contains 1 frame:
Primary Page:
https://security-9c07.rnicrosoft-login.com/auth/9c07fe6cdb647c0b32560b0217800a5e825c8a14018ca8ff30b1f5c08b03b364?p=wcH0G7
Frame ID: 85600141CF5697E101C20976CAB7BD5A
Requests: 9 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: Accord de service (French: "Service agreement")
Title: Politique et cookies (French: "Policy and cookies")
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | 9c07fe6cdb647c0b32560b0217800a5e825c8a14018ca8ff30b1f5c08b03b364 (Primary Request) | security-9c07.rnicrosoft-login.com/auth/ | 220 KB | 67 KB | Document | text/html
GET | H2 | tailwind.min.css | cdn.jsdelivr.net/npm/tailwindcss@%5E2/dist/ | 3 MB | 270 KB | Stylesheet | text/css
GET | H2 | weakmap-polyfill.min.js | cdn.jsdelivr.net/npm/weakmap-polyfill/ | 2 KB | 1 KB | Script | application/javascript
GET | H2 | formdata-polyfill | cdn.jsdelivr.net/npm/ | 9 KB | 4 KB | Script | application/javascript
GET | H2 | zxcvbn.js | cdn.jsdelivr.net/npm/zxcvbn/dist/ | 803 KB | 393 KB | Script | application/javascript
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml
GET | H2 | login.live.com.ico | icons.duckduckgo.com/ip3/ | 17 KB | 2 KB | Other | image/x-icon
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Variable | Type
---|---
undefined |
event | object
fence | object
sharedStorage | function
_0x2596a1 | function
_0x50ef0e | function
_0xb6a3 | function
_0x332e | function
_0x264730 | function
_0x60deb9 | function
_0xcd0c28 | function
_0x25c0eb | function
_0x5149b2 | function
_0x18f4b0 | function
_0x49c715 | function
_0x47e2 | function
_0x4f330d | function
_0x3990cd | function
_0x5eb367 | function
_0xe9e8 | function
_0x1d9773 | function
_0x20093c | undefined
closemodal | function
hideModal | function
_0x601a40 | function
zxcvbn |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
icons.duckduckgo.com
security-9c07.rnicrosoft-login.com
2a00:1450:4001:831::2013
2a04:4e42::485
40.114.178.124