Report - sso.dns-verify.com/

Report Overview

Visited public
2025-04-18 13:34:36
Tags
microsoft phishing
Submit Tags
URL
sso.dns-verify.com/
Finishing URL
sso.dns-verify.com/
IP / ASN
52.168.94.228
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Title
Sign in to your Microsoft account
Phishing - Microsoft

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
df6.cfp.microsoft.com	unknown	1991-05-02	2025-02-06	2025-03-25	518 B	0 B	0.0.0.0
logincdn.msftauth.net	unknown	2018-10-25	2020-04-23	2025-04-03	2.9 kB	1.2 MB	23.33.119.89
fpt.live.com	58693	1994-12-28	2017-01-31	2025-04-16	2.7 kB	25 kB	52.167.30.171
sso.dns-verify.com	unknown	2021-01-26	2025-04-18	2025-04-18	1.5 kB	30 kB	52.168.94.228
browser.events.data.microsoft.com	290	1991-05-02	2018-05-25	2025-04-17	1.5 kB	1.7 kB	13.69.109.130
df.cfp.microsoft.com	unknown	1991-05-02	2025-02-06	2025-04-16	1.1 kB	2.6 kB	52.167.30.171

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-18	medium	sso.dns-verify.com/	Outlook
2025-04-18	medium	sso.dns-verify.com/	Outlook

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	sso.dns-verify.com/	ScriptElement	305 B	2024-06-28	2025-06-25
Pretty URL sso.dns-verify.com/ IP 52.168.94.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-28 09:11 Last Seen2025-06-25 10:17 Times Seen342 Hash cbe7b18bda13dbacb66eb8e2c444878a 337412296a63c982a3f612ea9f5d670bfd672d48 d65701172b38290d0e8cb97b145cd2e02cde593a6bd1a0811b84231dc7ef97f4 Loading...

	sso.dns-verify.com/	ScriptElement	250 B	2023-03-07	2025-06-25
Pretty URL sso.dns-verify.com/ IP 52.168.94.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:25 Last Seen2025-06-25 10:17 Times Seen1257 Hash 31726b85324d5d02fb7c6d8ea96988e3 e25a6e3372944a3788df8f36982700d9a7c552c4 6bb4231b11dd1282c63397c375c3b33bf2e35e61012989d98945f4046a8652ee Loading...

	logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js	ScriptElement	91 kB	2024-09-28	2025-06-25
Pretty URL logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js IP 23.33.119.89 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-28 07:41 Last Seen2025-06-25 10:17 Times Seen47 Hash 0babaf1d46acdfadc9fe4afa5c0354c3 3407bd2ee6afb10acd3dab966cf05c42fe4b1dcc 23ef819e5c8868fffb2c9c99201da945887de5ed5b260a81646be624f681ebf2 Loading...

	logincdn.msftauth.net/shared/5/chunks/gamepad-navigation_443837d04fb6e3f7553c.js	ScriptElement	58 kB	2025-03-25	2025-05-05
Pretty URL logincdn.msftauth.net/shared/5/chunks/gamepad-navigation_443837d04fb6e3f7553c.js IP 23.33.119.89 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-25 16:16 Last Seen2025-05-05 15:31 Times Seen20 Hash 2e30b241c1ef3bc0ab6888daafa58e77 5650a0fd750df9212536e5a7cd0e69517f4b570a 130aea4f261831cee2d2502c5e09d80750da05445d9379572e79db4d64b7471b Loading...

	df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=44e28f624e404f14807c13e89e80fe3a&id=8716095e-a776-e387-e245-cdde07fb2091&w=8DD7E7DB822B837&tkt=taBcrIH61PuCVH7eNCyH0AHEYHVht29NHm46S5qgUjYrO8tDrhYviUTs%252bdDOs7p55hU2DDcW%252bd%252fSRY4l3z2pgglBmghk7C%252bugtWmWWzOaFXBr3kwxEH4ynZLuK6HiUJP02krHIOTcLrjffuq6kaIRR3Z%252fQKCjGnZGIbbjhf4%252bo6vOOWZonQabG5lH2NXZxbuS%252fH8e28m3pWrN2PycNczL57GnU8SFKo%252fVkLQdqY3a9ClOp%252bzZteAssUbpOGEd0gT5z62oq00KxA1G1y%252f7XoLtP5BuDDrLOgQqBUDVtaSsY2rX%252bJ3Bho0RwoJLjxiWRf5&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d	ScriptElement	2.1 kB	2025-04-18	2025-04-18
Pretty URL df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=44e28f624e404f14807c13e89e80fe3a&id=8716095e-a776-e387-e245-cdde07fb2091&w=8DD7E7DB822B837&tkt=taBcrIH61PuCVH7eNCyH0AHEYHVht29NHm46S5qgUjYrO8tDrhYviUTs%252bdDOs7p55hU2DDcW%252bd%252fSRY4l3z2pgglBmghk7C%252bugtWmWWzOaFXBr3kwxEH4ynZLuK6HiUJP02krHIOTcLrjffuq6kaIRR3Z%252fQKCjGnZGIbbjhf4%252bo6vOOWZonQabG5lH2NXZxbuS%252fH8e28m3pWrN2PycNczL57GnU8SFKo%252fVkLQdqY3a9ClOp%252bzZteAssUbpOGEd0gT5z62oq00KxA1G1y%252f7XoLtP5BuDDrLOgQqBUDVtaSsY2rX%252bJ3Bho0RwoJLjxiWRf5&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d IP 52.167.30.171 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-18 13:34 Last Seen2025-04-18 13:34 Times Seen1 Hash 03831343049378415c58b4b87636cab1 9dd615645ed357c7b46d7ea3458c51ba069320db 412bfb7d9695fb803f41843f576108e144ec005d1a0055efce516240659eed71 Loading...

	sso.dns-verify.com/	ScriptElement	16 kB	2025-04-18	2025-04-18
Pretty URL sso.dns-verify.com/ IP 52.168.94.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-18 13:34 Last Seen2025-04-18 13:34 Times Seen1 Hash bc4177ddb0d0bd9982d4d4959428ba75 ba1a4e196b5f1b814dfca7db013fa8c296c48618 08d25d69e1b5da2d66f0e48c62c206a562f0ff5a2b2a1ff3c88e17fc854fdcd3 Loading...

	sso.dns-verify.com/	ScriptElement	5.0 kB	2025-03-08	2025-06-25
Pretty URL sso.dns-verify.com/ IP 52.168.94.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-08 13:20 Last Seen2025-06-25 18:31 Times Seen77 Hash 63f7c8798121687521dc2c3ff301ca52 485fa0e559af2ebac03ca322e3def12b193a6b09 5fefb415655d9add9c95a638ac5924ffd69f3447b0b603365065b4371ef533e6 Loading...

	sso.dns-verify.com/	ScriptElement	234 B	2025-04-18	2025-04-18
Pretty URL sso.dns-verify.com/ IP 52.168.94.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-18 13:34 Last Seen2025-04-18 13:34 Times Seen1 Hash 7876d3984f9b2aab57e7268b156529ac f013f38348e019e0032e4a2fc797797a1ebeab8d 3e917446ccca409f3cd9dae79f1ec6d9afbc01f8a81460e8f9bf2e6a1f664248 Loading...

	sso.dns-verify.com/	ScriptElement	896 B	2023-03-07	2025-06-27
Pretty URL sso.dns-verify.com/ IP 52.168.94.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-06-27 10:08 Times Seen839 Hash ea11dc29cc107ad5cddc5c6c6cb9b7d7 2663e82c5ee7b5a261668e2130983c774e15a1d8 da7c2ce0351c80a1f61bf9c04b316e5dbfdd15d9c107614f3581bde880ef5997 Loading...

	sso.dns-verify.com/	ScriptElement	1.6 kB	2025-01-20	2025-05-05
Pretty URL sso.dns-verify.com/ IP 52.168.94.228 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-20 18:57 Last Seen2025-05-05 15:31 Times Seen105 Hash 432b4431d32fb4047da15966ef81ea9e 0e81abc1a21fee6288bc99beae44dd7a994cf3f5 2a9d94079501494d549f1714ecb9a31f7608669863b908be31e52c2360d01443 Loading...

		Size	First Seen	Last Seen
	#1 Write - daaf8fc9c030cf1db8ac2ce629fad6ad	115 B	2025-04-18 13:34	2025-04-18 13:34
Pretty Observations First Seen2025-04-18 13:34 Last Seen2025-04-18 13:34 Times Seen1 Hash daaf8fc9c030cf1db8ac2ce629fad6ad 551ff0eccb62b46d57ba59dc727d3bf148ced048 426853a42b4d8220eb58ee29bb2c52cfbdf550d1421a0ca0678e55a5abc02710 Loading...

HTTP Transactions (14)

URL IP Response Size

GET logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg

23.33.119.89

200 OK

3.7 kB

URL GET
logincdn.msftauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
IP
23.33.119.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subjectidnaakamaicdn.msftauth.net
FingerprintDC:51:C1:FA:8A:C3:85:DA:8E:3C:1C:06:37:00:90:7A:B4:62:A9:DC
ValidityFri, 27 Dec 2024 18:21:36 GMT - Mon, 22 Dec 2025 18:21:36 GMT

File type
SVG Scalable Vector Graphics image
Size
3.7 kB (3651 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

HTTP Headers

GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 1435
content-type: image/svg+xml
content-encoding: gzip
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
last-modified: Thu, 31 Oct 2024 23:10:18 GMT
accept-ranges: bytes
etag: "0x8DCFA012FC16593"
x-ms-request-id: bbbb4f69-101e-005f-0cce-61355b000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=22894574
date: Fri, 18 Apr 2025 13:34:16 GMT
vary: Accept-Encoding
akamai-grn: 0.ae0b655f.1744983256.b9aed4f
X-Firefox-Spdy: h2

GET fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz1mYWxzZSZtdHA9MCZuYz00MCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4MTAyNCZ0ej0wJmRzdD0wJnR6bz0wJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTk1NTdjNGExY2FiNDQ5OTE0MTY0NTM5NGRiZDBiYzAxJmZuPTkmbGg9aHR0cHMlM0ElMkYlMkZmcHQubGl2ZS5jb20lMkYlM0ZzZXNzaW9uX2lkJTNENDRlMjhmNjI0ZTQwNGYxNDgwN2MxM2U4OWU4MGZlM2ElMjZDdXN0b21lcklkJTNEMzNlMDE5MjEtNGQ2NC00ZjhjLWEwNTUtNWJkYWZmZDVlMzNkJTI2UGFnZUlkJTNEU0kmZHI9aHR0cHMlM0ElMkYlMkZzc28uZG5zLXZlcmlmeS5jb20lMkYmdz04REQ3RTdEQjgyMkI4MzcmaWQ9ODcxNjA5NWUtYTc3Ni1lMzg3LWUyNDUtY2RkZTA3ZmIyMDkxJmE9JmM9ZWE5ZGQ0NzI3N2I0NDY5NWIwMjgwMTJlMWEwYjg0MWY=&eci=eyJ1dmRyIjoiTWVzYSIsInVyZHIiOiJsbHZtcGlwZSIsInZkciI6Ik1vemlsbGEiLCJyZHIiOiJsbHZtcGlwZSIsImlkdWgiOiJmYzk5ZmY3ZjQ5OTEzMTRlMzBiODY5MzM0N2YyZWJmZCJ9&PageId=SI

52.167.30.171

200 OK

6 B

URL GET
fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz1mYWxzZSZtdHA9MCZuYz00MCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4MTAyNCZ0ej0wJmRzdD0wJnR6bz0wJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTk1NTdjNGExY2FiNDQ5OTE0MTY0NTM5NGRiZDBiYzAxJmZuPTkmbGg9aHR0cHMlM0ElMkYlMkZmcHQubGl2ZS5jb20lMkYlM0ZzZXNzaW9uX2lkJTNENDRlMjhmNjI0ZTQwNGYxNDgwN2MxM2U4OWU4MGZlM2ElMjZDdXN0b21lcklkJTNEMzNlMDE5MjEtNGQ2NC00ZjhjLWEwNTUtNWJkYWZmZDVlMzNkJTI2UGFnZUlkJTNEU0kmZHI9aHR0cHMlM0ElMkYlMkZzc28uZG5zLXZlcmlmeS5jb20lMkYmdz04REQ3RTdEQjgyMkI4MzcmaWQ9ODcxNjA5NWUtYTc3Ni1lMzg3LWUyNDUtY2RkZTA3ZmIyMDkxJmE9JmM9ZWE5ZGQ0NzI3N2I0NDY5NWIwMjgwMTJlMWEwYjg0MWY=&eci=eyJ1dmRyIjoiTWVzYSIsInVyZHIiOiJsbHZtcGlwZSIsInZkciI6Ik1vemlsbGEiLCJyZHIiOiJsbHZtcGlwZSIsImlkdWgiOiJmYzk5ZmY3ZjQ5OTEzMTRlMzBiODY5MzM0N2YyZWJmZCJ9&PageId=SI
IP
52.167.30.171:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://fpt.live.com/?session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Certificate
IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
Fingerprint35:41:CD:C9:AC:E7:86:9F:8F:49:45:F8:2E:FE:1C:74:50:67:B3:AF
ValidityFri, 28 Feb 2025 05:51:16 GMT - Wed, 27 Aug 2025 05:51:16 GMT

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
aaab7a355103063d9eeb4824a3a6b374
e51555f02c32321f3e48f07a0fa5af46df835bfc
79ba862622d6fa84ac7e4f98eb95043a255fc2c81711e9400a8aa4d4b1608471

HTTP Headers

GET /Images/Clear.PNG?ctx=jscb1.0&session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wJm9zPUxpbnV4IHg4Nl82NCZscHJvYz00OCZvbD10cnVlJnByb3N1Yj0yMDEwMDEwMSZvc2NwdT1MaW51eCB4ODZfNjQmZXZhbD0zNyZhcHB2PTUuMCAoWDExKSZscz1mYWxzZSZtdHA9MCZuYz00MCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4MTAyNCZ0ej0wJmRzdD0wJnR6bz0wJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTk1NTdjNGExY2FiNDQ5OTE0MTY0NTM5NGRiZDBiYzAxJmZuPTkmbGg9aHR0cHMlM0ElMkYlMkZmcHQubGl2ZS5jb20lMkYlM0ZzZXNzaW9uX2lkJTNENDRlMjhmNjI0ZTQwNGYxNDgwN2MxM2U4OWU4MGZlM2ElMjZDdXN0b21lcklkJTNEMzNlMDE5MjEtNGQ2NC00ZjhjLWEwNTUtNWJkYWZmZDVlMzNkJTI2UGFnZUlkJTNEU0kmZHI9aHR0cHMlM0ElMkYlMkZzc28uZG5zLXZlcmlmeS5jb20lMkYmdz04REQ3RTdEQjgyMkI4MzcmaWQ9ODcxNjA5NWUtYTc3Ni1lMzg3LWUyNDUtY2RkZTA3ZmIyMDkxJmE9JmM9ZWE5ZGQ0NzI3N2I0NDY5NWIwMjgwMTJlMWEwYjg0MWY=&eci=eyJ1dmRyIjoiTWVzYSIsInVyZHIiOiJsbHZtcGlwZSIsInZkciI6Ik1vemlsbGEiLCJyZHIiOiJsbHZtcGlwZSIsImlkdWgiOiJmYzk5ZmY3ZjQ5OTEzMTRlMzBiODY5MzM0N2YyZWJmZCJ9&PageId=SI HTTP/1.1
Host: fpt.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fpt.live.com/?session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
set-cookie: fptctx2=J2lVSzXLZLjGnFoFngsBvHP5%252fA5FS4D4Lyse0KStJl%252fS3ENI2juR7SxIHrvdDo%252fW8PTvAgAkMZPG51bHey5BoA%252bmFSzaN01gDwif3vygFS04MU4jPDEAmD0I8tfrAXD8gik%252bmvI7ZIQqWsXioyUbQb%252fgRwpZPaL8K10vVCVSZdK5pteJCfKGwQ%252fVuddxS9vQBKsSvmMi86DMqqj7jkM6nozAc2TAnXUtjVroob3uVW01IuS08yTqY4B1KF2QvZdMxw4YlCe53Vy3fNizY%252fSDvLB926Tqygk1QWtPPchDsqI%253d; domain=.live.com; path=/; secure; httponly
MUID=8716095ea776e387e245cdde07fb2091; expires=Sat, 18 Apr 2026 13:34:20 GMT; domain=.live.com; path=/; secure; httponly
date: Fri, 18 Apr 2025 13:34:20 GMT
X-Firefox-Spdy: h2

GET logincdn.msftauth.net/shared/5/js/login_en_dIHFbv1kOfgEIR7llnbsvQ2.js

23.33.119.89

200 OK

1.0 MB

URL GET
logincdn.msftauth.net/shared/5/js/login_en_dIHFbv1kOfgEIR7llnbsvQ2.js
IP
23.33.119.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subjectidnaakamaicdn.msftauth.net
FingerprintDC:51:C1:FA:8A:C3:85:DA:8E:3C:1C:06:37:00:90:7A:B4:62:A9:DC
ValidityFri, 27 Dec 2024 18:21:36 GMT - Mon, 22 Dec 2025 18:21:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65470)
Size
1.0 MB (1000728 bytes)
Hash
7481c56efd6439f804211ee59676ecbd
417b0ddc83a25ea2bed61efab231ce4f660e8443
623c031fdd9ee44e6d2c60d528ec437ef31bcaadf076d5622450a12eefebc40f

HTTP Headers

GET /shared/5/js/login_en_dIHFbv1kOfgEIR7llnbsvQ2.js HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
Origin: https://sso.dns-verify.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 252684
content-type: application/x-javascript
content-encoding: gzip
content-md5: 8PtbrP0y6O9IE5MYHNn0YA==
last-modified: Fri, 11 Apr 2025 13:57:49 GMT
accept-ranges: bytes
etag: "0x8DD7900D8798F2C"
x-ms-request-id: c08c4042-e01e-0016-1dfc-aa77b0000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=30940471
date: Fri, 18 Apr 2025 13:34:15 GMT
vary: Accept-Encoding
akamai-grn: 0.ae0b655f.1744983255.b9ae949
X-Firefox-Spdy: h2

POST sso.dns-verify.com/GetExperimentAssignments.srf

52.168.94.228

200 OK

175 B

URL POST
sso.dns-verify.com/GetExperimentAssignments.srf
IP
52.168.94.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://sso.dns-verify.com/
Certificate
IssuerLet's Encrypt
Subjectlogin.dns-verify.com
Fingerprint43:BF:F7:3B:27:DB:BA:65:89:9B:21:82:34:B2:FA:1A:4F:CA:CA:A9
ValidityThu, 17 Apr 2025 16:07:39 GMT - Wed, 16 Jul 2025 16:07:38 GMT

File type
JSON text data
Size
175 B (175 bytes)
Hash
e070328b1679dc99cda2c4d0fb35da8e
87f01f7276eebfd9bbc2193dbf2cc6d31e12a6de
4c5f1f6503a09b6aeb7d51a3439f93fa9634225d1b3ffa07c7406624869b9724

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Outlook

HTTP Headers

POST /GetExperimentAssignments.srf HTTP/1.1
Host: sso.dns-verify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
hpgid: 33
hpgact: 0
correlationId: 44e28f624e404f14807c13e89e80fe3a
client-request-id: 44e28f624e404f14807c13e89e80fe3a
Content-Type: application/json; charset=utf-8
Content-Length: 1046
Origin: https://sso.dns-verify.com
DNT: 1
Connection: keep-alive
Cookie: uaid=44e28f624e404f14807c13e89e80fe3a; MSPRequ=id=N&lt=1744983254&co=1; MSCC=52.168.94.228-US; MSPOK=$uuid-00613deb-17d1-418c-bf8d-9003e66d5a74; OParams=11O.DtIvcpnAMVDEVGBJtJ!Jox1pPc29DoQsSoxDXDjPXqEmiZFEYrGTqxTBYmhc0DgTgcBGGnI3z5m3DfnfiiLVCx*mmq8KA9tGLx0fJ0rMl1TZvt!WhWzBbxLbGYQpUC7Oq5RMnb*eLQ!poFtKFAmtfBc$
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Connection: close
Content-Type: application/json
Date: Fri, 18 Apr 2025 13:34:16 GMT
Expires: Fri, 18 Apr 2025 13:33:16 GMT
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Ppserver: PPV: 30 H: BL02EPF0002791C V: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Transfer-Encoding: chunked
X-Ms-Request-Id: b0f2ead7-cc93-43f8-a2de-58d5350395bd
X-Ms-Route-Info: C533_BL2

GET fpt.live.com/?session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI

52.167.30.171

200 OK

24 kB

URL GET
fpt.live.com/?session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
IP
52.167.30.171:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
Fingerprint35:41:CD:C9:AC:E7:86:9F:8F:49:45:F8:2E:FE:1C:74:50:67:B3:AF
ValidityFri, 28 Feb 2025 05:51:16 GMT - Wed, 27 Aug 2025 05:51:16 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (23319), with CRLF line terminators
Size
24 kB (23783 bytes)
Hash
468312a0fd8e261b2422693de20d4294
de9adc9054b1dc53558fce2119a01e4e0ae610b4
beee42dea554c4d4de303c51129d69b16bc23720a1a557c96550eddaaaa9c853

HTTP Headers

GET /?session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI HTTP/1.1
Host: fpt.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
set-cookie: fptctx2=taBcrIH61PuCVH7eNCyH0AHEYHVht29NHm46S5qgUjYrO8tDrhYviUTs%252bdDOs7p55hU2DDcW%252bd%252fSRY4l3z2pgglBmghk7C%252bugtWmWWzOaFXBr3kwxEH4ynZLuK6HiUJP02krHIOTcLrjffuq6kaIRR3Z%252fQKCjGnZGIbbjhf4%252bo6vOOWZonQabG5lH2NXZxbuS%252fH8e28m3pWrN2PycNczL57GnU8SFKo%252fVkLQdqY3a9ClOp%252bzZteAssUbpOGEd0gT5z62oq00KxA1G1y%252f7XoLtP5BuDDrLOgQqBUDVtaSsY2rX%252bJ3Bho0RwoJLjxiWRf5; domain=.live.com; path=/; secure; httponly
MUID=c0d62f02bf7447abafe3f8f1d5371430; expires=Sat, 18 Apr 2026 13:34:18 GMT; domain=.live.com; path=/; secure; httponly
date: Fri, 18 Apr 2025 13:34:17 GMT
X-Firefox-Spdy: h2

GET logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg

23.33.119.89

200 OK

1.6 kB

URL GET
logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg
IP
23.33.119.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subjectidnaakamaicdn.msftauth.net
FingerprintDC:51:C1:FA:8A:C3:85:DA:8E:3C:1C:06:37:00:90:7A:B4:62:A9:DC
ValidityFri, 27 Dec 2024 18:21:36 GMT - Mon, 22 Dec 2025 18:21:36 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1592 bytes)
Hash
4e48046ce74f4b89d45037c90576bfac
4a41b3b51ed787f7b33294202da72220c7cd2c32
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

HTTP Headers

GET /shared/5/images/signin_options_4e48046ce74f4b89d450.svg HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 621
content-type: image/svg+xml
content-encoding: gzip
content-md5: R2FAVxfpONfnQAuxVxXbHg==
last-modified: Thu, 31 Oct 2024 23:10:22 GMT
accept-ranges: bytes
etag: "0x8DCFA01328A83B4"
x-ms-request-id: 43ab30de-301e-00ac-2c9c-6692ce000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=26535769
date: Fri, 18 Apr 2025 13:34:17 GMT
vary: Accept-Encoding
akamai-grn: 0.ae0b655f.1744983257.b9af26f
X-Firefox-Spdy: h2

GET logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js

23.33.119.89

200 OK

91 kB

URL GET
logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js
IP
23.33.119.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subjectidnaakamaicdn.msftauth.net
FingerprintDC:51:C1:FA:8A:C3:85:DA:8E:3C:1C:06:37:00:90:7A:B4:62:A9:DC
ValidityFri, 27 Dec 2024 18:21:36 GMT - Mon, 22 Dec 2025 18:21:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65439)
Size
91 kB (90678 bytes)
Hash
0babaf1d46acdfadc9fe4afa5c0354c3
3407bd2ee6afb10acd3dab966cf05c42fe4b1dcc
23ef819e5c8868fffb2c9c99201da945887de5ed5b260a81646be624f681ebf2

HTTP Headers

GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
Origin: https://sso.dns-verify.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 32811
content-type: application/x-javascript
content-encoding: gzip
content-md5: vNaMik8bsTsnLgL9oOtUYA==
last-modified: Thu, 31 Oct 2024 23:09:56 GMT
accept-ranges: bytes
etag: "0x8DCFA0122C7CB23"
x-ms-request-id: c9aab6cf-b01e-003a-3da2-664eb6000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=23425267
date: Fri, 18 Apr 2025 13:34:16 GMT
vary: Accept-Encoding
akamai-grn: 0.ae0b655f.1744983256.b9aeb22
X-Firefox-Spdy: h2

POST browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

13.69.109.130

200 OK

153 B

URL POST
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
13.69.109.130:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subject*.events.data.microsoft.com
Fingerprint1B:B3:E9:7A:18:E5:37:3B:8B:C1:EC:3F:AB:B1:73:34:BF:7A:79:6D
ValidityThu, 13 Mar 2025 23:04:58 GMT - Tue, 09 Sep 2025 23:04:58 GMT

File type
JSON text data
Size
153 B (153 bytes)
Hash
64bac83a717d0b704dbd500fe5028c64
fe702cd4244944cd48161607f4230194eebdd177
a74906175e6e4ac35cbba2f95744b5692ba65f276b63db13a67b7f1b23158f0b

HTTP Headers

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.15
apikey: 69adc3c768bd4dc08c19416121249fcc-66f1668a-797b-4249-95e3-6c6651768c28-7293
upload-time: 1744983259666
time-delta-to-apply-millis: use-collector-delta
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 10473
Origin: https://sso.dns-verify.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache

HTTP/2 200 OK
content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=14c8f8e19f9b4586bc9ae1b2918cf8ba&HASH=14c8&LV=202504&V=4&LU=1744983259896; Domain=.microsoft.com; Expires=Sat, 18 Apr 2026 13:34:19 GMT; Path=/;Secure; SameSite=None
MS0=915e7bb92e5d458ca778e23ffb81ba3e; Domain=.microsoft.com; Expires=Fri, 18 Apr 2025 14:04:19 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 230
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://sso.dns-verify.com
access-control-expose-headers: time-delta-millis
date: Fri, 18 Apr 2025 13:34:19 GMT
X-Firefox-Spdy: h2

GET df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=44e28f624e404f14807c13e89e80fe3a&id=8716095e-a776-e387-e245-cdde07fb2091&w=8DD7E7DB822B837&tkt=taBcrIH61PuCVH7eNCyH0AHEYHVht29NHm46S5qgUjYrO8tDrhYviUTs%252bdDOs7p55hU2DDcW%252bd%252fSRY4l3z2pgglBmghk7C%252bugtWmWWzOaFXBr3kwxEH4ynZLuK6HiUJP02krHIOTcLrjffuq6kaIRR3Z%252fQKCjGnZGIbbjhf4%252bo6vOOWZonQabG5lH2NXZxbuS%252fH8e28m3pWrN2PycNczL57GnU8SFKo%252fVkLQdqY3a9ClOp%252bzZteAssUbpOGEd0gT5z62oq00KxA1G1y%252f7XoLtP5BuDDrLOgQqBUDVtaSsY2rX%252bJ3Bho0RwoJLjxiWRf5&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d

52.167.30.171

200 OK

2.3 kB

URL GET
df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=44e28f624e404f14807c13e89e80fe3a&id=8716095e-a776-e387-e245-cdde07fb2091&w=8DD7E7DB822B837&tkt=taBcrIH61PuCVH7eNCyH0AHEYHVht29NHm46S5qgUjYrO8tDrhYviUTs%252bdDOs7p55hU2DDcW%252bd%252fSRY4l3z2pgglBmghk7C%252bugtWmWWzOaFXBr3kwxEH4ynZLuK6HiUJP02krHIOTcLrjffuq6kaIRR3Z%252fQKCjGnZGIbbjhf4%252bo6vOOWZonQabG5lH2NXZxbuS%252fH8e28m3pWrN2PycNczL57GnU8SFKo%252fVkLQdqY3a9ClOp%252bzZteAssUbpOGEd0gT5z62oq00KxA1G1y%252f7XoLtP5BuDDrLOgQqBUDVtaSsY2rX%252bJ3Bho0RwoJLjxiWRf5&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d
IP
52.167.30.171:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://fpt.live.com/?session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Certificate
IssuerMicrosoft Corporation
Subjectfpt.microsoft.com
Fingerprint35:41:CD:C9:AC:E7:86:9F:8F:49:45:F8:2E:FE:1C:74:50:67:B3:AF
ValidityFri, 28 Feb 2025 05:51:16 GMT - Wed, 27 Aug 2025 05:51:16 GMT

File type
HTML document, ASCII text, with very long lines (2147), with CRLF line terminators
Size
2.3 kB (2275 bytes)
Hash
ca6601b03274b815d5aa1f647e607f9d
aed26bf4b08667bb92961fbe72717aca3714f06a
3243a6b6f7ae4ea28476925bf726f0ab44e4911253732a07e087b3111ca1e89b

HTTP Headers

GET /Clear.HTML?ctx=Ls1.0&wl=False&session_id=44e28f624e404f14807c13e89e80fe3a&id=8716095e-a776-e387-e245-cdde07fb2091&w=8DD7E7DB822B837&tkt=taBcrIH61PuCVH7eNCyH0AHEYHVht29NHm46S5qgUjYrO8tDrhYviUTs%252bdDOs7p55hU2DDcW%252bd%252fSRY4l3z2pgglBmghk7C%252bugtWmWWzOaFXBr3kwxEH4ynZLuK6HiUJP02krHIOTcLrjffuq6kaIRR3Z%252fQKCjGnZGIbbjhf4%252bo6vOOWZonQabG5lH2NXZxbuS%252fH8e28m3pWrN2PycNczL57GnU8SFKo%252fVkLQdqY3a9ClOp%252bzZteAssUbpOGEd0gT5z62oq00KxA1G1y%252f7XoLtP5BuDDrLOgQqBUDVtaSsY2rX%252bJ3Bho0RwoJLjxiWRf5&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d HTTP/1.1
Host: df.cfp.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fpt.live.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-encoding: gzip
set-cookie: dfpfpt=8716095ea776e387e245cdde07fb2091; expires=Sat, 18 Apr 2026 13:34:20 GMT; domain=.cfp.microsoft.com; path=/; secure; httponly
vary: Accept-Encoding
server: Microsoft-HTTPAPI/2.0
access-control-allow-origin: *
date: Fri, 18 Apr 2025 13:34:20 GMT
X-Firefox-Spdy: h2

GET sso.dns-verify.com/

52.168.94.228

200 OK

28 kB

URL User Request GET
sso.dns-verify.com/
IP
52.168.94.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subjectlogin.dns-verify.com
Fingerprint43:BF:F7:3B:27:DB:BA:65:89:9B:21:82:34:B2:FA:1A:4F:CA:CA:A9
ValidityThu, 17 Apr 2025 16:07:39 GMT - Wed, 16 Jul 2025 16:07:38 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26405)
Size
28 kB (27576 bytes)
Hash
252580d06d5e9d63ab22c1bd2f0c50d5
31d546ae948caa4f8992a86f49d62268821e1b4f
106c3b305d76ba4ce4f0939ec6b2ff74acacc699d8ede0b9c57de228eb7a44a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
OpenPhish	phishing	Outlook

HTTP Headers

GET / HTTP/1.1
Host: sso.dns-verify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Apr 2025 13:34:14 GMT
Expires: Fri, 18 Apr 2025 13:33:14 GMT
Link: <https://logincdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Ppserver: PPV: 30 H: PH1PEPF00011F31 V: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: uaid=44e28f624e404f14807c13e89e80fe3a; Path=/; Domain=sso.dns-verify.com; HttpOnly; Secure; SameSite=None
MSPRequ=id=N&lt=1744983254&co=1; Path=/; Domain=sso.dns-verify.com; HttpOnly; Secure; SameSite=None
MSCC=52.168.94.228-US; Path=/; Domain=sso.dns-verify.com; Expires=Wed, 13 May 2026 13:34:14 GMT; HttpOnly; Secure; SameSite=None
MSPOK=$uuid-00613deb-17d1-418c-bf8d-9003e66d5a74; Path=/; Domain=sso.dns-verify.com; HttpOnly; Secure; SameSite=None
OParams=11O.DtIvcpnAMVDEVGBJtJ!Jox1pPc29DoQsSoxDXDjPXqEmiZFEYrGTqxTBYmhc0DgTgcBGGnI3z5m3DfnfiiLVCx*mmq8KA9tGLx0fJ0rMl1TZvt!WhWzBbxLbGYQpUC7Oq5RMnb*eLQ!poFtKFAmtfBc$; Path=/; Domain=sso.dns-verify.com; HttpOnly; Secure; SameSite=None
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Dns-Prefetch-Control: on
X-Ms-Request-Id: 37380e27-29fd-418e-b096-7d8e26ded653
X-Ms-Route-Info: C544_BAY

GET logincdn.msftauth.net/shared/5/images/3_57fee22710b04cebe1d5.svg

23.33.119.89

200 OK

44 kB

URL GET
logincdn.msftauth.net/shared/5/images/3_57fee22710b04cebe1d5.svg
IP
23.33.119.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subjectidnaakamaicdn.msftauth.net
FingerprintDC:51:C1:FA:8A:C3:85:DA:8E:3C:1C:06:37:00:90:7A:B4:62:A9:DC
ValidityFri, 27 Dec 2024 18:21:36 GMT - Mon, 22 Dec 2025 18:21:36 GMT

File type
SVG Scalable Vector Graphics image
Size
44 kB (44327 bytes)
Hash
57fee22710b04cebe1d5fccfc40a2850
63f32442fd8c75956896b9677efb45c342fbc87d
e122dfeee73db9cb846feea1467b85edb1ae624556c643a9c9cc41056508901b

HTTP Headers

GET /shared/5/images/3_57fee22710b04cebe1d5.svg HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 6213
content-type: image/svg+xml
content-encoding: gzip
content-md5: FKHpay1XH5LJbYl57r/IDg==
last-modified: Wed, 13 Nov 2024 07:56:16 GMT
accept-ranges: bytes
etag: "0x8DD03B8A69DDDC3"
x-ms-request-id: 6eba6f79-f01e-00e5-01a7-6c9b6e000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=26878868
date: Fri, 18 Apr 2025 13:34:16 GMT
vary: Accept-Encoding
akamai-grn: 0.ae0b655f.1744983256.b9aed78
X-Firefox-Spdy: h2

GET logincdn.msftauth.net/shared/5/chunks/gamepad-navigation_443837d04fb6e3f7553c.js

23.33.119.89

200 OK

58 kB

URL GET
logincdn.msftauth.net/shared/5/chunks/gamepad-navigation_443837d04fb6e3f7553c.js
IP
23.33.119.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subjectidnaakamaicdn.msftauth.net
FingerprintDC:51:C1:FA:8A:C3:85:DA:8E:3C:1C:06:37:00:90:7A:B4:62:A9:DC
ValidityFri, 27 Dec 2024 18:21:36 GMT - Mon, 22 Dec 2025 18:21:36 GMT

File type
JavaScript source, ASCII text, with very long lines (58453)
Size
58 kB (58521 bytes)
Hash
2e30b241c1ef3bc0ab6888daafa58e77
5650a0fd750df9212536e5a7cd0e69517f4b570a
130aea4f261831cee2d2502c5e09d80750da05445d9379572e79db4d64b7471b

HTTP Headers

GET /shared/5/chunks/gamepad-navigation_443837d04fb6e3f7553c.js HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sso.dns-verify.com/
Origin: https://sso.dns-verify.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 15163
content-type: application/x-javascript
content-encoding: gzip
content-md5: /KQ+Cn/2oTvaUKvA8ER7gg==
last-modified: Fri, 08 Nov 2024 20:11:33 GMT
accept-ranges: bytes
etag: "0x8DD00318A7A3EFD"
x-ms-request-id: a4444c72-501e-0027-51a0-96dde8000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=28702103
date: Fri, 18 Apr 2025 13:34:17 GMT
vary: Accept-Encoding
akamai-grn: 0.ae0b655f.1744983257.b9af0b7
X-Firefox-Spdy: h2

GET df6.cfp.microsoft.com/probe?session_id=44e28f624e404f14807c13e89e80fe3a&instanceId=33e01921-4d64-4f8c-a055-5bdaffd5e33d

0.0.0.0

0 B

URL GET
df6.cfp.microsoft.com/probe?session_id=44e28f624e404f14807c13e89e80fe3a&instanceId=33e01921-4d64-4f8c-a055-5bdaffd5e33d
IP
0.0.0.0:0
ASN
#0

Requested by
https://fpt.live.com/?session_id=44e28f624e404f14807c13e89e80fe3a&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /probe?session_id=44e28f624e404f14807c13e89e80fe3a&instanceId=33e01921-4d64-4f8c-a055-5bdaffd5e33d HTTP/1.1
Host: df6.cfp.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fpt.live.com
DNT: 1
Connection: keep-alive
Referer: https://fpt.live.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

OPTIONS browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

13.69.109.130

200 OK

0 B

URL OPTIONS
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP
13.69.109.130:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://sso.dns-verify.com/
Certificate
IssuerMicrosoft Corporation
Subject*.events.data.microsoft.com
Fingerprint1B:B3:E9:7A:18:E5:37:3B:8B:C1:EC:3F:AB:B1:73:34:BF:7A:79:6D
ValidityThu, 13 Mar 2025 23:04:58 GMT - Tue, 09 Sep 2025 23:04:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Referer: https://sso.dns-verify.com/
Origin: https://sso.dns-verify.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://sso.dns-verify.com
date: Fri, 18 Apr 2025 13:34:19 GMT
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML