microsoft.executive-mailsend.com
Open in
urlscan Pro
45.33.75.129
Malicious Activity!
Public Scan
Effective URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/f...
Submission: On August 14 via api from US — Scanned from CA
Summary
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.
This is the only time microsoft.executive-mailsend.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 45.33.75.129 45.33.75.129 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
2 | 2600:9000:211... 2600:9000:211c:7600:c:449b:4e00:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 13.225.63.39 13.225.63.39 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 54.85.191.180 54.85.191.180 | 14618 (AMAZON-AES) (AMAZON-AES) | |
17 | 5 |
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 45-33-75-129.ip.linodeusercontent.com
microsoft.executive-mailsend.com |
ASN16509 (AMAZON-02, US)
d5hxnyi3z4114.cloudfront.net |
ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-39.ewr53.r.cloudfront.net
static.openreplay.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-191-180.compute-1.amazonaws.com
lc5rgw13ke.execute-api.us-east-1.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
executive-mailsend.com
microsoft.executive-mailsend.com |
658 KB |
2 |
amazonaws.com
lc5rgw13ke.execute-api.us-east-1.amazonaws.com |
418 B |
2 |
cloudfront.net
d5hxnyi3z4114.cloudfront.net |
2 KB |
1 |
openreplay.com
static.openreplay.com — Cisco Umbrella Rank: 171068 |
38 KB |
0 |
dunesecurity.io
Failed
analytics.dunesecurity.io Failed |
|
17 | 5 |
Domain | Requested by | |
---|---|---|
9 | microsoft.executive-mailsend.com |
microsoft.executive-mailsend.com
|
2 | lc5rgw13ke.execute-api.us-east-1.amazonaws.com |
static.openreplay.com
|
2 | d5hxnyi3z4114.cloudfront.net |
microsoft.executive-mailsend.com
|
1 | static.openreplay.com |
microsoft.executive-mailsend.com
|
0 | analytics.dunesecurity.io Failed |
static.openreplay.com
|
17 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
microsoft.executive-mailsend.com E6 |
2024-08-01 - 2024-10-30 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
*.openreplay.com Amazon RSA 2048 M02 |
2024-03-13 - 2025-04-10 |
a year | crt.sh |
*.execute-api.us-east-1.amazonaws.com Amazon RSA 2048 M02 |
2024-06-23 - 2025-07-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Frame ID: 747F88EA3B51DC0F3BA5E77B2CD117A1
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
-
http://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay...
HTTP 307
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
HTTP 307
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
log-in
microsoft.executive-mailsend.com/ Redirect Chain
|
5 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.css
microsoft.executive-mailsend.com/css/ |
13 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fp.umd.min.js
microsoft.executive-mailsend.com/js/ |
39 KB 39 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
microsoft.executive-mailsend.com/js/ |
5 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
query_params.js
microsoft.executive-mailsend.com/js/ |
951 B 992 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo.png
microsoft.executive-mailsend.com/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m-k.png
d5hxnyi3z4114.cloudfront.net/ |
727 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_123.png
microsoft.executive-mailsend.com/images/ |
989 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
openreplay.js
static.openreplay.com/11.0.1/ |
118 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
background_image.png
microsoft.executive-mailsend.com/images/ |
578 KB 578 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Botd.js
microsoft.executive-mailsend.com/js/ |
15 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
b1d797b5-18a8-45fa-b4ef-0686742eec52
https://microsoft.executive-mailsend.com/ |
9 KB 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m-i.png
d5hxnyi3z4114.cloudfront.net/ |
248 B 641 B |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST |
start
analytics.dunesecurity.io/ingest/v1/web/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
start
analytics.dunesecurity.io/ingest/v1/web/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
intelligence_gathering
lc5rgw13ke.execute-api.us-east-1.amazonaws.com/ |
53 B 212 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
intelligence_gathering
lc5rgw13ke.execute-api.us-east-1.amazonaws.com/ |
41 B 206 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- analytics.dunesecurity.io
- URL
- https://analytics.dunesecurity.io/ingest/v1/web/start
- Domain
- analytics.dunesecurity.io
- URL
- https://analytics.dunesecurity.io/ingest/v1/web/start
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| FingerprintJS function| getQueryParam object| OpenReplay boolean| __openreplay_adpss_patched__ object| __OPENREPLAY__ object| asayer0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.dunesecurity.io
d5hxnyi3z4114.cloudfront.net
lc5rgw13ke.execute-api.us-east-1.amazonaws.com
microsoft.executive-mailsend.com
static.openreplay.com
analytics.dunesecurity.io
13.225.63.39
2600:9000:211c:7600:c:449b:4e00:21
45.33.75.129
54.85.191.180
13f0b1e2dd35438aab4a995a52b4673b97addcb046fa39db7557aa34b569dba9
1df10ffde5d8779aa53fe7092dcc468d7f4831346d2e0f3e528e1dfbf3b3ac03
34c816e2c5aeb59bc34c6f2e3a29644dcb8dc9b56b432e012b3c4ead4bceb82d
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
4cec66abfe0623a547b1a4419488756945b6c4a619db8c0c2b4280532e31858d
4e0adb59f39b35115d1a5a59e732cc21cf1af68defc038b4b41821989b0839f9
5d319cf13fbfaa588fc90866adc35c93cf3ed93974aba30e8773eadbf7815b9f
79cc6b7e61db8d90a98df79ab2dd9d031fdd714d54c42c4fabbfe1015110c279
9abd9dfc2a88db23802afd9674ffcf346e79e3d999c511ec3bcec3b594d4bfd9
d44d35a831c733ea42f77864b1e9268c1ca642e27322bec9c7a83672dcd5947e
e4728c64c39c3f656fe83ce2332a9a376774726294e9dddff0b67939ef918647
f31276cec6170ece2b72aa8f4319f2c0a5a886a3a68216a16f02c785c622f930
f6f6d93ef8547d55d5cb30ab7136f820bc6613f22fdaaaebc379a8e62f3239cf
f8a7816c230e1d9e782c826b6394560297cd07e28253d9ca4a3d6fd1c889a75d
fe286209d931e123feabfc012363c0f144c37b29378fed9d26a55e06ae006525