microsoft.executive-mailsend.com Open in urlscan Pro
45.33.75.129 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://executive-mailsend.com/click?uuid=cf3856e6-2576-47fa-a432-cea88ca85962
Effective URL:
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker
Submission: On July 09 via manual (July 9th 2024, 2:55:12 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 18 HTTP transactions. The main IP is 45.33.75.129, located in Cedar Knolls, United States and belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG. The main domain is microsoft.executive-mailsend.com.
TLS certificate: Issued by E6 on July 4th 2024. Valid for: 3 months.

This is the only time microsoft.executive-mailsend.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.201.226.116 34.201.226.116	14618 (AMAZON-AES) (AMAZON-AES)
10	45.33.75.129 45.33.75.129	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
2	2600:9000:211... 2600:9000:211e:2200:c:449b:4e00:21	16509 (AMAZON-02) (AMAZON-02)
1	18.244.18.29 18.244.18.29	16509 (AMAZON-02) (AMAZON-02)
2	54.211.116.85 54.211.116.85	14618 (AMAZON-AES) (AMAZON-AES)
18	5

1 34.201.226.116 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-201-226-116.compute-1.amazonaws.com

executive-mailsend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 45.33.75.129 (Cedar Knolls, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 45-33-75-129.ip.linodeusercontent.com

microsoft.executive-mailsend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:211e:2200:c:449b:4e00:21 (United States)

ASN16509 (AMAZON-02, US)

d5hxnyi3z4114.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.18.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-29.fra56.r.cloudfront.net

static.openreplay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.211.116.85 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-211-116-85.compute-1.amazonaws.com

lc5rgw13ke.execute-api.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	executive-mailsend.com 1 redirects executive-mailsend.com microsoft.executive-mailsend.com	659 KB
2	amazonaws.com lc5rgw13ke.execute-api.us-east-1.amazonaws.com	418 B
2	cloudfront.net d5hxnyi3z4114.cloudfront.net	2 KB
1	openreplay.com static.openreplay.com — Cisco Umbrella Rank: 183932	38 KB
0	dunesecurity.io Failed analytics.dunesecurity.io Failed
18	5

	Domain	Requested by
10	microsoft.executive-mailsend.com	microsoft.executive-mailsend.com
2	lc5rgw13ke.execute-api.us-east-1.amazonaws.com	static.openreplay.com
2	d5hxnyi3z4114.cloudfront.net	microsoft.executive-mailsend.com
1	static.openreplay.com	microsoft.executive-mailsend.com
1	executive-mailsend.com	1 redirects
0	analytics.dunesecurity.io Failed	static.openreplay.com
18	6

This site contains no links.

Subject Issuer	Validity	Valid
microsoft.executive-mailsend.com E6	`2024-07-04` - `2024-10-02`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.openreplay.com Amazon RSA 2048 M02	`2024-03-13` - `2025-04-10`	a year	crt.sh
*.execute-api.us-east-1.amazonaws.com Amazon RSA 2048 M02	`2024-06-23` - `2025-07-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker
Frame ID: 969DF4F1AA177B9DA19959FD2B68AEAB
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

https://executive-mailsend.com/click?uuid=cf3856e6-2576-47fa-a432-cea88ca85962 HTTP 302
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Page URL

Page Statistics

18
Requests

83 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

699 kB
Transfer

787 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://executive-mailsend.com/click?uuid=cf3856e6-2576-47fa-a432-cea88ca85962 HTTP 302
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request log-in Show response microsoft.executive-mailsend.com/ Redirect Chain https://executive-mailsend.com/click?uuid=cf3856e6-2576-47fa-a432-cea88ca85962 https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker	5 KB 6 KB	308ms 93ms	Document text/html	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy Caddy / Resource Hash `f6f6d93ef8547d55d5cb30ab7136f820bc6613f22fdaaaebc379a8e62f3239cf` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 5541 content-type text/html; charset=utf-8 date Tue, 09 Jul 2024 14:55:07 GMT etag "sgd08449x" last-modified Tue, 09 Jul 2024 14:00:04 GMT server Caddy Caddy Redirect headers apigw-requestid aplTpiFOIAMEM0Q= content-length 0 date Tue, 09 Jul 2024 14:55:06 GMT location https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker
GET H2	200	main.css microsoft.executive-mailsend.com/css/	13 KB 13 KB	88ms 87ms	Stylesheet text/css	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://microsoft.executive-mailsend.com/css/main.css Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `34c816e2c5aeb59bc34c6f2e3a29644dcb8dc9b56b432e012b3c4ead4bceb82d` Request headers Referer https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Thu, 27 Jun 2024 15:01:39 GMT server Caddy etag "sfqv2ra1d" content-type text/css; charset=utf-8 accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 13009
GET H2	200	fp.umd.min.js Show response microsoft.executive-mailsend.com/js/	39 KB 39 KB	89ms 88ms	Script text/javascript	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://microsoft.executive-mailsend.com/js/fp.umd.min.js Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `9abd9dfc2a88db23802afd9674ffcf346e79e3d999c511ec3bcec3b594d4bfd9` Request headers Referer https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Fri, 14 Jun 2024 20:46:18 GMT server Caddy etag "sf38d6uj5" content-type text/javascript; charset=utf-8 accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 39569
GET H2	200	main.js Show response microsoft.executive-mailsend.com/js/	5 KB 5 KB	89ms 88ms	Script text/javascript	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://microsoft.executive-mailsend.com/js/main.js Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `1df10ffde5d8779aa53fe7092dcc468d7f4831346d2e0f3e528e1dfbf3b3ac03` Request headers Referer https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Origin https://microsoft.executive-mailsend.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Tue, 09 Jul 2024 14:28:07 GMT server Caddy etag "sgd1iv3o4" content-type text/javascript; charset=utf-8 accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 4756
GET H2	200	query_params.js Show response microsoft.executive-mailsend.com/js/	951 B 1015 B	179ms 179ms	Script text/javascript	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://microsoft.executive-mailsend.com/js/query_params.js Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `5d319cf13fbfaa588fc90866adc35c93cf3ed93974aba30e8773eadbf7815b9f` Request headers Referer https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Tue, 25 Jun 2024 22:32:49 GMT server Caddy etag "sfnqmpqf" content-type text/javascript; charset=utf-8 accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 951
GET H2	200	microsoft_logo.png microsoft.executive-mailsend.com/images/	2 KB 2 KB	180ms 180ms	Image image/png	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.executive-mailsend.com/images/microsoft_logo.png Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `79cc6b7e61db8d90a98df79ab2dd9d031fdd714d54c42c4fabbfe1015110c279` Request headers Referer https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Fri, 14 Jun 2024 20:46:18 GMT server Caddy etag "sf38d619h" content-type image/png accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 1637
GET H2	200	m-k.png d5hxnyi3z4114.cloudfront.net/	727 B 1 KB	465ms 413ms	Image image/png	2600:9000:211e:2200:c:449b:4e00:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d5hxnyi3z4114.cloudfront.net/m-k.png Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:211e:2200:c:449b:4e00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652` Request headers Referer https://microsoft.executive-mailsend.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers x-amz-version-id E4io7ItuVL5vgQhkS.LssS71ebfqy.PB date Tue, 09 Jul 2024 14:55:08 GMT via 1.1 9928105291571d6cae52bcb916c898d8.cloudfront.net (CloudFront) last-modified Thu, 02 Nov 2023 13:28:41 GMT server AmazonS3 x-amz-cf-pop FRA56-C2 x-amz-server-side-encryption AES256 etag "839cb0f55c3d2d5c2f740bda95cb2878" vary Accept-Encoding x-cache RefreshHit from cloudfront content-type image/png accept-ranges bytes content-length 727 x-amz-cf-id vF_yysPD0YRPxls3HlW5QnSQ4Y_y-NTy3xAQ6IJr6ScgkfUdTUh6CQ==
GET H2	200	microsoft_123.png microsoft.executive-mailsend.com/images/	989 B 1 KB	86ms 86ms	Image image/png	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.executive-mailsend.com/images/microsoft_123.png Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `13f0b1e2dd35438aab4a995a52b4673b97addcb046fa39db7557aa34b569dba9` Request headers Referer https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Fri, 14 Jun 2024 20:46:18 GMT server Caddy etag "sf38d6rh" content-type image/png accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 989
GET H2	200	openreplay.js Show response static.openreplay.com/11.0.1/	118 KB 38 KB	34ms 7ms	Script application/javascript	18.244.18.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.openreplay.com/11.0.1/openreplay.js Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/js/query_params.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.244.18.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-244-18-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `e4728c64c39c3f656fe83ce2332a9a376774726294e9dddff0b67939ef918647` Request headers Referer https://microsoft.executive-mailsend.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 08 Jul 2024 20:07:21 GMT content-encoding gzip via 1.1 93f1c701362eb59a676baaac7ea81bd8.cloudfront.net (CloudFront) last-modified Tue, 12 Dec 2023 17:11:46 GMT server AmazonS3 x-amz-cf-pop FRA56-P11 age 67666 x-amz-server-side-encryption AES256 etag W/"43acccb3ab818c999995c0915b999754" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=604800 x-amz-cf-id w3TOK2UNAOhasivOkSaCvVRIfnBnnPP1kOy1MSyyRzAEJg3GQOjpYA==
GET H2	200	microsoft_logo.png microsoft.executive-mailsend.com/images/	2 KB 0	0ms 0ms	Image image/png	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.executive-mailsend.com/images/microsoft_logo.png Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `79cc6b7e61db8d90a98df79ab2dd9d031fdd714d54c42c4fabbfe1015110c279` Request headers Referer https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Fri, 14 Jun 2024 20:46:18 GMT server Caddy etag "sf38d619h" content-type image/png accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 1637
GET H2	200	background_image.png microsoft.executive-mailsend.com/images/	578 KB 578 KB	88ms 88ms	Image image/png	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://microsoft.executive-mailsend.com/images/background_image.png Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/css/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `f8a7816c230e1d9e782c826b6394560297cd07e28253d9ca4a3d6fd1c889a75d` Request headers Referer https://microsoft.executive-mailsend.com/css/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Tue, 25 Jun 2024 22:32:49 GMT server Caddy etag "sfnqmpcomh" content-type image/png accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 591785
GET H2	200	Botd.js Show response microsoft.executive-mailsend.com/js/	15 KB 15 KB	171ms 171ms	Script text/javascript	45.33.75.129 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://microsoft.executive-mailsend.com/js/Botd.js Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-33-75-129.ip.linodeusercontent.com Software Caddy / Resource Hash `4e0adb59f39b35115d1a5a59e732cc21cf1af68defc038b4b41821989b0839f9` Request headers Referer https://microsoft.executive-mailsend.com/js/main.js Origin https://microsoft.executive-mailsend.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 14:55:07 GMT last-modified Fri, 14 Jun 2024 20:46:18 GMT server Caddy etag "sf38d6bkp" content-type text/javascript; charset=utf-8 accept-ranges bytes alt-svc h3=":443"; ma=2592000 content-length 15001
GET BLOB	200 OK	3759b828-599b-4fdc-ae8b-5ecbcb451206 https://microsoft.executive-mailsend.com/	9 KB 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://microsoft.executive-mailsend.com/3759b828-599b-4fdc-ae8b-5ecbcb451206 Requested by Host: microsoft.executive-mailsend.com URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `4cec66abfe0623a547b1a4419488756945b6c4a619db8c0c2b4280532e31858d` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Length 9395 Content-Type text/javascript
POST		start analytics.dunesecurity.io/ingest/v1/web/	0 0

OPTIONS		start analytics.dunesecurity.io/ingest/v1/web/	0 0

POST H2	200	intelligence_gathering Show response lc5rgw13ke.execute-api.us-east-1.amazonaws.com/	53 B 211 B	2100ms 1880ms	XHR application/json	54.211.116.85 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://lc5rgw13ke.execute-api.us-east-1.amazonaws.com/intelligence_gathering Requested by Host: static.openreplay.com URL: https://static.openreplay.com/11.0.1/openreplay.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.211.116.85 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-211-116-85.compute-1.amazonaws.com Software / Resource Hash `fe286209d931e123feabfc012363c0f144c37b29378fed9d26a55e06ae006525` Request headers Referer https://microsoft.executive-mailsend.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers access-control-allow-origin https://microsoft.executive-mailsend.com date Tue, 09 Jul 2024 14:55:09 GMT content-length 53 vary origin apigw-requestid aplT6hhxIAMEM3g= content-type application/json
POST H2	200	intelligence_gathering Show response lc5rgw13ke.execute-api.us-east-1.amazonaws.com/	41 B 207 B	1314ms 1111ms	XHR text/plain	54.211.116.85 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://lc5rgw13ke.execute-api.us-east-1.amazonaws.com/intelligence_gathering Requested by Host: static.openreplay.com URL: https://static.openreplay.com/11.0.1/openreplay.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.211.116.85 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-211-116-85.compute-1.amazonaws.com Software / Resource Hash `d44d35a831c733ea42f77864b1e9268c1ca642e27322bec9c7a83672dcd5947e` Request headers Referer https://microsoft.executive-mailsend.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers access-control-allow-origin https://microsoft.executive-mailsend.com date Tue, 09 Jul 2024 14:55:08 GMT content-length 41 vary origin apigw-requestid aplT4i36IAMEYPA= content-type text/plain; charset=utf-8
GET H2	200	m-i.png d5hxnyi3z4114.cloudfront.net/	248 B 657 B	424ms 424ms	Other image/png	2600:9000:211e:2200:c:449b:4e00:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d5hxnyi3z4114.cloudfront.net/m-i.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:211e:2200:c:449b:4e00:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `f31276cec6170ece2b72aa8f4319f2c0a5a886a3a68216a16f02c785c622f930` Request headers Referer https://microsoft.executive-mailsend.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers x-amz-version-id 8TJBbjDfYl2tJSs3ELhZTComffIlylXm date Tue, 09 Jul 2024 14:55:08 GMT via 1.1 9928105291571d6cae52bcb916c898d8.cloudfront.net (CloudFront) last-modified Thu, 02 Nov 2023 13:28:41 GMT server AmazonS3 x-amz-cf-pop FRA56-C2 x-amz-server-side-encryption AES256 etag "fb8de164c1533c793e8bdee84def7474" vary Accept-Encoding x-cache RefreshHit from cloudfront content-type image/png accept-ranges bytes content-length 248 x-amz-cf-id AN-na0jwsbOtkDvHYqt6P93R5oxGKSMxMChh5jnjxsQ5dnxHrRYu8Q==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: analytics.dunesecurity.io
URL: https://analytics.dunesecurity.io/ingest/v1/web/start

Domain: analytics.dunesecurity.io
URL: https://analytics.dunesecurity.io/ingest/v1/web/start

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=cf3856e6-2576-47fa-a432-cea88ca85962&company_name=faker Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://analytics.dunesecurity.io/ingest/v1/web/start Message: Failed to load resource: net::ERR_CONNECTION_REFUSED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.dunesecurity.io
d5hxnyi3z4114.cloudfront.net
executive-mailsend.com
lc5rgw13ke.execute-api.us-east-1.amazonaws.com
microsoft.executive-mailsend.com
static.openreplay.com
analytics.dunesecurity.io
18.244.18.29
2600:9000:211e:2200:c:449b:4e00:21
34.201.226.116
45.33.75.129
54.211.116.85
13f0b1e2dd35438aab4a995a52b4673b97addcb046fa39db7557aa34b569dba9
1df10ffde5d8779aa53fe7092dcc468d7f4831346d2e0f3e528e1dfbf3b3ac03
34c816e2c5aeb59bc34c6f2e3a29644dcb8dc9b56b432e012b3c4ead4bceb82d
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
4cec66abfe0623a547b1a4419488756945b6c4a619db8c0c2b4280532e31858d
4e0adb59f39b35115d1a5a59e732cc21cf1af68defc038b4b41821989b0839f9
5d319cf13fbfaa588fc90866adc35c93cf3ed93974aba30e8773eadbf7815b9f
79cc6b7e61db8d90a98df79ab2dd9d031fdd714d54c42c4fabbfe1015110c279
9abd9dfc2a88db23802afd9674ffcf346e79e3d999c511ec3bcec3b594d4bfd9
d44d35a831c733ea42f77864b1e9268c1ca642e27322bec9c7a83672dcd5947e
e4728c64c39c3f656fe83ce2332a9a376774726294e9dddff0b67939ef918647
f31276cec6170ece2b72aa8f4319f2c0a5a886a3a68216a16f02c785c622f930
f6f6d93ef8547d55d5cb30ab7136f820bc6613f22fdaaaebc379a8e62f3239cf
f8a7816c230e1d9e782c826b6394560297cd07e28253d9ca4a3d6fd1c889a75d
fe286209d931e123feabfc012363c0f144c37b29378fed9d26a55e06ae006525

microsoft.executive-mailsend.com Open in urlscan Pro 45.33.75.129 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

83 %HTTPS

20 %IPv6

5 Domains

6 Subdomains

5 IPs

1 Countries

699 kBTransfer

787 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

microsoft.executive-mailsend.com Open in urlscan Pro
45.33.75.129 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

83 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

5
IPs

1
Countries

699 kB
Transfer

787 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!