[sriramk]

I don't know about Skype but I know other parts of MSFT would frequently try and classify links on whether they had malware, whether they were phishing attempts and so on. Doing this on IM networks was important as they could cause so much distribution of such malware through automated sending of messages.

I would be surprised if Microsoft wasnt doing this as it would leave users at risk.

Also, sending login credentials over HTTP GETs? That's a pretty contrived scenario. The HTTP HEAD might be a red herring - it might just be checking to see whether it redirects somewhere else/whether the URL has already been seen. Perhaps this URL didn't set off the spam/malware machine learning models to initiate a full crawl/human review.