No security vendors flagged this URL as malicious http://msedge.b.tlu.dl.delivery.mp.microsoft.com/
Status 403
Content type text/html
Last Analysis Date a moment ago https://www.virustotal.com/gui/url/6fa7c4…80617e
No security vendors flagged this URL as malicious https://msedge.b.tlu.dl.delivery.mp.microsoft.com/
Status 403
Content type text/html
Last Analysis Date a moment ago https://www.virustotal.com/gui/url/deedfe…a6da43
All: Norton version 22.24.8.36. Even with editing the URL with https: the below is returned when opening in a private tab within Opera GX. This isn’t a false flag, the URL cannot prove its identity meaning there is a signature / certificate obfuscation. The certificate fallback is the same on BOTH Edge and Opera GX. My observations my side.
Private incognito tab on both Edge and Opera I get the same results as shown before. There are no Norton attack alerts present. The screenshot also shows “security certificate is from fallback.tls.fastly.net”. These are self signed certificates, and I don’t ever remember MS using outside certificates on their domains.
Here are the reasons self signed certificates shouldn’t be trusted. Norton flagged this appropriately as it should all browser based activities.
Self-signed certificates can be a security risk because they are not validated by a trusted authority. This leaves them vulnerable to exploitation by malicious actors. [1, 2]
Self-signed certificates are not verified by a certificate authority (CA), so there is no independent confirmation of the certificate’s authenticity. [1]
No updates or revocation
Self-signed certificates don’t expire, so they are never updated to fix vulnerabilities. This makes them vulnerable to hackers and cyberattacks. [2]
Man-in-the-middle (MITM) attacks
Attackers can intercept encrypted traffic between a victim and a website protected by a self-signed certificate. They can then steal sensitive information like login credentials and financial data. [3]
Phishing attacks
Fraudsters can create fake websites and apps using self-signed certificates. Victims may not receive warnings and may be tricked into providing sensitive data. [3]
Loss of customer trust
Customers may see security warnings when visiting a website protected by a self-signed certificate, which may lead them to abandon the site. [3]
Self-signed certificates may be suitable for personal use or for internal applications within an organization. However, they can introduce significant security risks. [1, 4]