msoftnetworkaus014.blob.core.windows.net
52.239.138.164
Malicious Activity!
Public Scan
Submission: On July 30 via manual from GB
Summary
TLS certificate: Issued by Microsoft IT TLS CA 5 on May 19th 2019. Valid for: 2 years.
This is the only time msoftnetworkaus014.blob.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
11 | 52.239.138.164 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
9 | 2a02:26f0:6c00:283::35c1 | 20940 (AKAMAI-ASN1)
1 | 40.126.1.130 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
21 | 3 |
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US): msoftnetworkaus014.blob.core.windows.net
- ASN20940 (AKAMAI-ASN1, US): secure.aadcdn.microsoftonline-p.com
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US): login.microsoftonline.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | windows.net | msoftnetworkaus014.blob.core.windows.net | 41 KB
9 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 301 KB
1 | microsoftonline.com | login.microsoftonline.com | 553 B
21 | 3 | |
Requests | Domain | Requested by
---|---|---
11 | msoftnetworkaus014.blob.core.windows.net | msoftnetworkaus014.blob.core.windows.net, secure.aadcdn.microsoftonline-p.com
9 | secure.aadcdn.microsoftonline-p.com | msoftnetworkaus014.blob.core.windows.net
1 | login.microsoftonline.com | secure.aadcdn.microsoftonline-p.com
21 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
login.microsoftonline.com |
passwordreset.microsoftonline.com |
login.live.com |
www.microsoft.com |
privacy.microsoft.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.blob.core.windows.net | Microsoft IT TLS CA 5 | 2019-05-19 - 2021-05-19 | 2 years | crt.sh
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 4 | 2019-07-17 - 2021-07-17 | 2 years | crt.sh
stamp2.login.microsoftonline.com | Microsoft IT TLS CA 1 | 2018-09-24 - 2020-09-24 | 2 years | crt.sh
This page contains 2 frames:
Primary Page:
https://msoftnetworkaus014.blob.core.windows.net/aus/home.html
Frame ID: EAA87D12825F42F014294BC6D2BDC49C
Requests: 20 HTTP requests in this frame
Frame:
https://msoftnetworkaus014.blob.core.windows.net/aus/xxmicrosoftonline_files/prefetch.html
Frame ID: 04679846F5E7D0D6E1487B147491B04F
Requests: 1 HTTP request in this frame
Screenshot
Detected technologies
Microsoft HTTPAPI (Web Servers)
Detected patterns
- headers server /Microsoft-HTTPAPI(?:\/([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Try it now
- Title: Can’t access your account?
- Title: Sign in with a Microsoft account
- Title: Terms of use
- Title: Privacy & Cookies
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | home.html (Primary Request) | msoftnetworkaus014.blob.core.windows.net/aus/ | 39 KB | 39 KB | Document | text/html
GET | H/1.1 | login.min.css | secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.20/content/cdnbundles/ | 22 KB | 5 KB | Stylesheet | text/css
GET | H/1.1 | jquery.1.11.min.js.download | msoftnetworkaus014.blob.core.windows.net/aus/microsoftonline_files/ | 0 | 0 | Script | application/xml
GET | H/1.1 | aad.login.min.js | secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.20/content/cdnbundles/ | 176 KB | 43 KB | Script | application/x-javascript
GET | H/1.1 | heroillustration | msoftnetworkaus014.blob.core.windows.net/aus/microsoftonline_files/ | 215 B | 215 B | Image | application/xml
GET | H/1.1 | login_hover.min.css | secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.20/content/cdnbundles/ | 89 B | 454 B | Stylesheet | text/css
GET | H/1.1 | bannerlogo | msoftnetworkaus014.blob.core.windows.net/aus/xxmicrosoftonline_files/ | 215 B | 215 B | Image | application/xml
GET | H/1.1 | close.png | msoftnetworkaus014.blob.core.windows.net/aus/microsoftonline_files/ | 215 B | 215 B | Image | application/xml
GET | H/1.1 | bannerlogo | msoftnetworkaus014.blob.core.windows.net/aus/microsoftonline_files/ | 215 B | 215 B | Image | application/xml
GET | H/1.1 | microsoft_logo.png | secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.20/content/images/ | 1 KB | 1 KB | Image | image/png
GET | H/1.1 | jquery.1.11.min.js.download | msoftnetworkaus014.blob.core.windows.net/aus/microsoftonline_files/ | 0 | 0 | Script | application/xml
GET | H/1.1 | prefetch.html (Frame 0467) | msoftnetworkaus014.blob.core.windows.net/aus/xxmicrosoftonline_files/ | 215 B | 490 B | Document | application/xml
GET | H/1.1 | jquery.1.11.min.js.download | msoftnetworkaus014.blob.core.windows.net/aus/microsoftonline_files/ | 0 | 0 | Script | application/xml
GET | H/1.1 | watsonsupport.min.js | secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.20/content/cdnbundles/ | 108 KB | 38 KB | Script | application/x-javascript
GET | H/1.1 | frameworksupport.min.js | secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.20/content/cdnbundles/ | 12 KB | 5 KB | Script | application/x-javascript
GET | H/1.1 | watson.min.js | secure.aadcdn.microsoftonline-p.com/ests/2.1.6177.20/content/cdnbundles/ | 10 KB | 4 KB | Script | application/x-javascript
POST | H/1.1 | watson | msoftnetworkaus014.blob.core.windows.net/common/handlers/ | 237 B | 506 B | XHR | application/xml
GET | H/1.1 | bannerlogo | secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/ | 4 KB | 5 KB | Image | image/png
GET | H/1.1 | heroillustration | secure.aadcdn.microsoftonline-p.com/dbd5a2dd-uymyxxfhpwrbckvwvlxle8radh6vkzaj7cwkqpqixg/appbranding/npdp3ivuhlrwvd1ynsq0x-mjc7zhvnj0i7k676ppafa/0/ | 199 KB | 199 KB | Image | image/jpeg
POST | H/1.1 | telemetry | login.microsoftonline.com/common/login/ | 0 | 553 B | XHR | text/plain
POST | H/1.1 | watson | msoftnetworkaus014.blob.core.windows.net/common/handlers/ | 237 B | 506 B | XHR | application/xml
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
44 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
object | $Config
object | $Debug
object | $Do
function | $Loader
object | $WebWatson
function | GetString
function | GetErrorString
function | GetUrl
object | $B
boolean | isTouch
string | cssId
object | head
object | link
undefined | msViewportStyle
object | MSLogin
object | proxy
object | ErrorCodes
object | Constants
object | Context
object | Background
object | Logo
object | Instrument
object | User
object | tenant_info
object | MSLogout
object | ThirdPartyCookieStates
object | PostType
object | LoginOption
object | TenantBranding
object | users
object | Tiles
object | EmailDiscovery
object | Support
object | Post
object | StrongAuthCheck
object | Util
object | WindowsBrowserSso
function | $
function | jQuery
object | $Api
object | jQuery11120287211254661937861
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
msoftnetworkaus014.blob.core.windows.net/aus | | Name: testcookie / Value: testcookie
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.microsoftonline.com
msoftnetworkaus014.blob.core.windows.net
secure.aadcdn.microsoftonline-p.com
2a02:26f0:6c00:283::35c1
40.126.1.130
52.239.138.164
080ff245615e719959bc5537e164ac4495c4b8036462dfee2076dd92f22c8491
1cb99b8f6ef91cab65770c9233f5a9db4e461d1c39c2e561c8606e3994eb1a30
28fc6d7aad53bdadbf261065679f33162d224ccc3a3058eaa903ca1957386f22
31b0ef59f35e4eaa1c8fd2a0cde8bd394de5a7093bfbe0d28112f7f32fde76b6
4f0b18a08d94ac46e34313b33cce2cbea49e275def088dc3f9f82a8870f4603a
6ae8b5dd36bc17d5372ea5e78901009118e6f7c9d10538a7c30b7a04d488fe98
7e50e406688bd898803f653058d14ca384734cb9b39ba900bc5e2734b59c073b
91c2b74542e11d0278e02715a980b39582eae2e3b519ddd2d4f9ca939e58109c
a893d9f01ec10a282aa73acf3dfcd092a1c7e0ec1ffcb972e1942ff2d859a844
c1de492139ba1e8bd338e47ea6b6e0744dae88cbde1b99ff4befedebe166957b
c4033dc31350f5cf70edb9dd807bd152e174449a855b7ec32ce7d20852b2f4cd
d0758e2f4c7165fded8f35953203a7dacca3fab0d1dccc8970857d007afa4d7a
deca2e096169d1071e5d71d66330a1043f50d729b71d65065345c71a5724b175
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed46fa45902c992934ba22f28371f772508a6199187fe30c72d68641190f6ead
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c
fc5c3d7d2b298a42ec44dad2d8cd227b734db966b4afa68c0254a497e805f603
fe9b30b90e759478adc4edc39bc41bed8f106a4df34dec65558d495cbb44dd27