microsoft.send-notification.com
Open in
urlscan Pro
45.33.75.129
Malicious Activity!
Public Scan
URL:
https://microsoft.send-notification.com/login?secure-sign-in=c93a5d1d-ed52-4551-bbd1-fb3f44d575a5
Submission: On June 03 via manual from US — Scanned from DE
Submission: On June 03 via manual from US — Scanned from DE
Summary
This website contacted 6 IPs
in 1 countries
across 5 domains to perform 17 HTTP transactions.
The main IP is 45.33.75.129, located in
Cedar Knolls, United States and
belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG.
The main domain is microsoft.send-notification.com.
TLS certificate: Issued by R3 on May 5th 2024. Valid for: 3 months.
This is the only time microsoft.send-notification.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on May 5th 2024. Valid for: 3 months.
This is the only time microsoft.send-notification.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 3 | 45.33.75.129 45.33.75.129 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
| 6 | 2600:9000:20a... 2600:9000:20ae:7e00:c:449b:4e00:21 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 18.173.154.74 18.173.154.74 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 | 44.208.83.81 44.208.83.81 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 4 | 172.233.200.68 172.233.200.68 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
| 17 | 6 |
3
45.33.75.129
(Cedar Knolls, United States)
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 45-33-75-129.ip.linodeusercontent.com
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 45-33-75-129.ip.linodeusercontent.com
| microsoft.send-notification.com |
6
2600:9000:20ae:7e00:c:449b:4e00:21
(United States)
ASN16509 (AMAZON-02, US)
ASN16509 (AMAZON-02, US)
| d5hxnyi3z4114.cloudfront.net |
1
18.173.154.74
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-74.muc50.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-74.muc50.r.cloudfront.net
| static.openreplay.com |
2
44.208.83.81
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-83-81.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-83-81.compute-1.amazonaws.com
| lc5rgw13ke.execute-api.us-east-1.amazonaws.com |
4
172.233.200.68
(Ashburn, United States)
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-233-200-68.ip.linodeusercontent.com
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-233-200-68.ip.linodeusercontent.com
| analytics.dunesecurity.io |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
cloudfront.net
d5hxnyi3z4114.cloudfront.net |
6 KB |
| 4 |
dunesecurity.io
analytics.dunesecurity.io |
1 KB |
| 3 |
send-notification.com
microsoft.send-notification.com |
73 KB |
| 2 |
amazonaws.com
lc5rgw13ke.execute-api.us-east-1.amazonaws.com |
416 B |
| 1 |
openreplay.com
static.openreplay.com — Cisco Umbrella Rank: 191242 |
38 KB |
| 17 | 5 |
| Domain | Requested by | |
|---|---|---|
| 6 | d5hxnyi3z4114.cloudfront.net |
microsoft.send-notification.com
|
| 4 | analytics.dunesecurity.io |
static.openreplay.com
|
| 3 | microsoft.send-notification.com |
microsoft.send-notification.com
|
| 2 | lc5rgw13ke.execute-api.us-east-1.amazonaws.com |
microsoft.send-notification.com
static.openreplay.com |
| 1 | static.openreplay.com |
microsoft.send-notification.com
|
| 17 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| microsoft.send-notification.com R3 |
2024-05-05 - 2024-08-03 |
3 months | crt.sh |
| *.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
| *.openreplay.com Amazon RSA 2048 M02 |
2024-03-13 - 2025-04-10 |
a year | crt.sh |
| *.execute-api.us-east-1.amazonaws.com Amazon RSA 2048 M02 |
2023-07-25 - 2024-08-21 |
a year | crt.sh |
| analytics.dunesecurity.io R3 |
2024-05-25 - 2024-08-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://microsoft.send-notification.com/login?secure-sign-in=c93a5d1d-ed52-4551-bbd1-fb3f44d575a5
Frame ID: 5E9AF408182F61B3A35207040191F317
Requests: 15 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
login
microsoft.send-notification.com/ |
16 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fp.umd.min.js
microsoft.send-notification.com/js/ |
39 KB 40 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
m-l.png
d5hxnyi3z4114.cloudfront.net/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
m-q.png
d5hxnyi3z4114.cloudfront.net/ |
412 B 804 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
m-k.png
d5hxnyi3z4114.cloudfront.net/ |
727 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
m-b.png
d5hxnyi3z4114.cloudfront.net/ |
231 B 624 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
openreplay.js
static.openreplay.com/11.0.1/ |
118 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
m-bg.svg
d5hxnyi3z4114.cloudfront.net/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Botd.js
microsoft.send-notification.com/js/ |
17 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
intelligence_gathering
lc5rgw13ke.execute-api.us-east-1.amazonaws.com/ |
53 B 210 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
intelligence_gathering
lc5rgw13ke.execute-api.us-east-1.amazonaws.com/ |
41 B 206 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
4f30d7d3-ce11-45c1-9c77-552b8201ae2d
https://microsoft.send-notification.com/ |
9 KB 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
m-i.png
d5hxnyi3z4114.cloudfront.net/ |
248 B 633 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
start
analytics.dunesecurity.io/ingest/v1/web/ |
487 B 768 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
start
analytics.dunesecurity.io/ingest/v1/web/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
feature-flags
analytics.dunesecurity.io/ingest/v1/web/ |
12 B 387 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
feature-flags
analytics.dunesecurity.io/ingest/v1/web/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| FingerprintJS function| getQueryParam object| OpenReplay boolean| __openreplay_adpss_patched__ object| __OPENREPLAY__ object| asayer0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.dunesecurity.io
d5hxnyi3z4114.cloudfront.net
lc5rgw13ke.execute-api.us-east-1.amazonaws.com
microsoft.send-notification.com
static.openreplay.com
172.233.200.68
18.173.154.74
2600:9000:20ae:7e00:c:449b:4e00:21
44.208.83.81
45.33.75.129
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
365884dbc8b6225ebe0a1499ff0325f7d77995ddb17cc53da8a656f5d16c9492
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
4cec66abfe0623a547b1a4419488756945b6c4a619db8c0c2b4280532e31858d
70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c
9dc91f392a3ed1af5b58d78a817ef1a8c4a947daa25a4656d4b99fb78c60fe99
a88428c6234bed2ef09ba0fa1d4b95a4b830f96f54e92a01e621b6798af62ea7
ccbb299897f0a6899aa1d76575c9338d15fdf0c96348f14c02712008f899f7ad
d44d35a831c733ea42f77864b1e9268c1ca642e27322bec9c7a83672dcd5947e
e4728c64c39c3f656fe83ce2332a9a376774726294e9dddff0b67939ef918647
e8d06c0a072a671e5843de9a12f4cd826ca5e17bbeb4c57ee9c410ee878998e8
f31276cec6170ece2b72aa8f4319f2c0a5a886a3a68216a16f02c785c622f930
f8d36f0fefed762ff6a331e1883ecced1299b092d0f4d3ec1170e2ef38db8fbd
fe286209d931e123feabfc012363c0f144c37b29378fed9d26a55e06ae006525