microsoft.executive-mailsend.com Open in urlscan Pro
45.33.75.129  Malicious Activity! Public Scan

Submitted URL: http://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/f...
Effective URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/f...
Submission: On August 14 via api from US — Scanned from CA

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 17 HTTP transactions. The main IP is 45.33.75.129, located in Cedar Knolls, United States and belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG. The main domain is microsoft.executive-mailsend.com.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.
This is the only time microsoft.executive-mailsend.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
9 45.33.75.129 63949 (AKAMAI-LI...)
2 2600:9000:211... 16509 (AMAZON-02)
1 13.225.63.39 16509 (AMAZON-02)
2 54.85.191.180 14618 (AMAZON-AES)
17 5
Domain Requested by
9 microsoft.executive-mailsend.com microsoft.executive-mailsend.com
2 lc5rgw13ke.execute-api.us-east-1.amazonaws.com static.openreplay.com
2 d5hxnyi3z4114.cloudfront.net microsoft.executive-mailsend.com
1 static.openreplay.com microsoft.executive-mailsend.com
0 analytics.dunesecurity.io Failed static.openreplay.com
17 5

This site contains no links.

Subject Issuer Validity Valid
microsoft.executive-mailsend.com
E6
2024-08-01 -
2024-10-30
3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh
*.openreplay.com
Amazon RSA 2048 M02
2024-03-13 -
2025-04-10
a year crt.sh
*.execute-api.us-east-1.amazonaws.com
Amazon RSA 2048 M02
2024-06-23 -
2025-07-21
a year crt.sh

This page contains 1 frames:

Primary Page: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Frame ID: 747F88EA3B51DC0F3BA5E77B2CD117A1
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

Sign in to your account

Page URL History Show full URLs

  1. http://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay... HTTP 307
    https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay... Page URL

Page Statistics

17
Requests

82 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

699 kB
Transfer

786 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium HTTP 307
    https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request log-in
microsoft.executive-mailsend.com/
Redirect Chain
  • http://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
  • https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
5 KB
6 KB
Document
General
Full URL
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy Caddy /
Resource Hash
f6f6d93ef8547d55d5cb30ab7136f820bc6613f22fdaaaebc379a8e62f3239cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
5541
content-type
text/html; charset=utf-8
date
Wed, 14 Aug 2024 06:39:26 GMT
etag
"shlv6o49x"
last-modified
Fri, 02 Aug 2024 19:23:12 GMT
server
Caddy Caddy

Redirect headers

Location
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Non-Authoritative-Reason
HttpsUpgrades
main.css
microsoft.executive-mailsend.com/css/
13 KB
13 KB
Stylesheet
General
Full URL
https://microsoft.executive-mailsend.com/css/main.css
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
34c816e2c5aeb59bc34c6f2e3a29644dcb8dc9b56b432e012b3c4ead4bceb82d

Request headers

Referer
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Fri, 02 Aug 2024 19:23:12 GMT
server
Caddy
etag
"shlv6oa1d"
content-type
text/css; charset=utf-8
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
13009
fp.umd.min.js
microsoft.executive-mailsend.com/js/
39 KB
39 KB
Script
General
Full URL
https://microsoft.executive-mailsend.com/js/fp.umd.min.js
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
9abd9dfc2a88db23802afd9674ffcf346e79e3d999c511ec3bcec3b594d4bfd9

Request headers

Referer
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Fri, 02 Aug 2024 19:23:12 GMT
server
Caddy
etag
"shlv6ouj5"
content-type
text/javascript; charset=utf-8
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
39569
main.js
microsoft.executive-mailsend.com/js/
5 KB
5 KB
Script
General
Full URL
https://microsoft.executive-mailsend.com/js/main.js
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
1df10ffde5d8779aa53fe7092dcc468d7f4831346d2e0f3e528e1dfbf3b3ac03

Request headers

Referer
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Origin
https://microsoft.executive-mailsend.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Fri, 02 Aug 2024 19:23:12 GMT
server
Caddy
etag
"shlv6o3o4"
content-type
text/javascript; charset=utf-8
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
4756
query_params.js
microsoft.executive-mailsend.com/js/
951 B
992 B
Script
General
Full URL
https://microsoft.executive-mailsend.com/js/query_params.js
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
5d319cf13fbfaa588fc90866adc35c93cf3ed93974aba30e8773eadbf7815b9f

Request headers

Referer
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Fri, 02 Aug 2024 19:23:12 GMT
server
Caddy
etag
"shlv6oqf"
content-type
text/javascript; charset=utf-8
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
951
microsoft_logo.png
microsoft.executive-mailsend.com/images/
2 KB
2 KB
Image
General
Full URL
https://microsoft.executive-mailsend.com/images/microsoft_logo.png
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
79cc6b7e61db8d90a98df79ab2dd9d031fdd714d54c42c4fabbfe1015110c279

Request headers

Referer
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Fri, 14 Jun 2024 20:46:18 GMT
server
Caddy
etag
"sf38d619h"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
1637
m-k.png
d5hxnyi3z4114.cloudfront.net/
727 B
1 KB
Image
General
Full URL
https://d5hxnyi3z4114.cloudfront.net/m-k.png
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:7600:c:449b:4e00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652

Request headers

Referer
https://microsoft.executive-mailsend.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 13 Aug 2024 22:51:33 GMT
x-amz-version-id
E4io7ItuVL5vgQhkS.LssS71ebfqy.PB
via
1.1 ce6ac8bc6515892a00316a83f3713e1e.cloudfront.net (CloudFront)
last-modified
Thu, 02 Nov 2023 13:28:41 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P4
age
28074
etag
"839cb0f55c3d2d5c2f740bda95cb2878"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
727
x-amz-cf-id
duSasadGKw3cx8Y9cTjjJiQNl-C5ycAEqqxNuxWoej7uRKBYX-liWA==
microsoft_123.png
microsoft.executive-mailsend.com/images/
989 B
1 KB
Image
General
Full URL
https://microsoft.executive-mailsend.com/images/microsoft_123.png
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
13f0b1e2dd35438aab4a995a52b4673b97addcb046fa39db7557aa34b569dba9

Request headers

Referer
https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Fri, 14 Jun 2024 20:46:18 GMT
server
Caddy
etag
"sf38d6rh"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
989
openreplay.js
static.openreplay.com/11.0.1/
118 KB
38 KB
Script
General
Full URL
https://static.openreplay.com/11.0.1/openreplay.js
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/js/query_params.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-39.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e4728c64c39c3f656fe83ce2332a9a376774726294e9dddff0b67939ef918647

Request headers

Referer
https://microsoft.executive-mailsend.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 05:11:01 GMT
content-encoding
gzip
via
1.1 3425db2c749d144a96b60e99c2493db0.cloudfront.net (CloudFront)
last-modified
Tue, 12 Dec 2023 17:11:46 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C1
age
523706
etag
W/"43acccb3ab818c999995c0915b999754"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
3dph8lLq-Mk7W6IyD0HGPCMsbbGmWDS8GSbHB_r3AWih-KcNoiocmQ==
background_image.png
microsoft.executive-mailsend.com/images/
578 KB
578 KB
Image
General
Full URL
https://microsoft.executive-mailsend.com/images/background_image.png
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
f8a7816c230e1d9e782c826b6394560297cd07e28253d9ca4a3d6fd1c889a75d

Request headers

Referer
https://microsoft.executive-mailsend.com/css/main.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Tue, 25 Jun 2024 22:32:49 GMT
server
Caddy
etag
"sfnqmpcomh"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
591785
Botd.js
microsoft.executive-mailsend.com/js/
15 KB
15 KB
Script
General
Full URL
https://microsoft.executive-mailsend.com/js/Botd.js
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.33.75.129 Cedar Knolls, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
45-33-75-129.ip.linodeusercontent.com
Software
Caddy /
Resource Hash
4e0adb59f39b35115d1a5a59e732cc21cf1af68defc038b4b41821989b0839f9

Request headers

Referer
https://microsoft.executive-mailsend.com/js/main.js
Origin
https://microsoft.executive-mailsend.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:39:26 GMT
last-modified
Fri, 02 Aug 2024 19:23:12 GMT
server
Caddy
etag
"shlv6obkp"
content-type
text/javascript; charset=utf-8
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000
content-length
15001
b1d797b5-18a8-45fa-b4ef-0686742eec52
https://microsoft.executive-mailsend.com/
9 KB
0
Other
General
Full URL
blob:https://microsoft.executive-mailsend.com/b1d797b5-18a8-45fa-b4ef-0686742eec52
Requested by
Host: microsoft.executive-mailsend.com
URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4cec66abfe0623a547b1a4419488756945b6c4a619db8c0c2b4280532e31858d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length
9395
Content-Type
text/javascript
m-i.png
d5hxnyi3z4114.cloudfront.net/
248 B
641 B
Other
General
Full URL
https://d5hxnyi3z4114.cloudfront.net/m-i.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:7600:c:449b:4e00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f31276cec6170ece2b72aa8f4319f2c0a5a886a3a68216a16f02c785c622f930

Request headers

Referer
https://microsoft.executive-mailsend.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 04:22:03 GMT
x-amz-version-id
8TJBbjDfYl2tJSs3ELhZTComffIlylXm
via
1.1 ce6ac8bc6515892a00316a83f3713e1e.cloudfront.net (CloudFront)
last-modified
Thu, 02 Nov 2023 13:28:41 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P4
age
8245
etag
"fb8de164c1533c793e8bdee84def7474"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
248
x-amz-cf-id
9vm1y20ZgwbN4NhRqbLB5KYDHgeq9LDd8l54x8vLsOKaUYjyPGQtjg==
start
analytics.dunesecurity.io/ingest/v1/web/
0
0

start
analytics.dunesecurity.io/ingest/v1/web/
0
0

intelligence_gathering
lc5rgw13ke.execute-api.us-east-1.amazonaws.com/
53 B
212 B
XHR
General
Full URL
https://lc5rgw13ke.execute-api.us-east-1.amazonaws.com/intelligence_gathering
Requested by
Host: static.openreplay.com
URL: https://static.openreplay.com/11.0.1/openreplay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.85.191.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-191-180.compute-1.amazonaws.com
Software
/
Resource Hash
fe286209d931e123feabfc012363c0f144c37b29378fed9d26a55e06ae006525

Request headers

Referer
https://microsoft.executive-mailsend.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://microsoft.executive-mailsend.com
date
Wed, 14 Aug 2024 06:39:28 GMT
content-length
53
vary
origin
apigw-requestid
cfGc9gcHoAMEM1w=
content-type
application/json
intelligence_gathering
lc5rgw13ke.execute-api.us-east-1.amazonaws.com/
41 B
206 B
XHR
General
Full URL
https://lc5rgw13ke.execute-api.us-east-1.amazonaws.com/intelligence_gathering
Requested by
Host: static.openreplay.com
URL: https://static.openreplay.com/11.0.1/openreplay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.85.191.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-191-180.compute-1.amazonaws.com
Software
/
Resource Hash
d44d35a831c733ea42f77864b1e9268c1ca642e27322bec9c7a83672dcd5947e

Request headers

Referer
https://microsoft.executive-mailsend.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://microsoft.executive-mailsend.com
date
Wed, 14 Aug 2024 06:39:28 GMT
content-length
41
vary
origin
apigw-requestid
cfGc8itaIAMEMZA=
content-type
text/plain; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
analytics.dunesecurity.io
URL
https://analytics.dunesecurity.io/ingest/v1/web/start
Domain
analytics.dunesecurity.io
URL
https://analytics.dunesecurity.io/ingest/v1/web/start

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| FingerprintJS function| getQueryParam object| OpenReplay boolean| __openreplay_adpss_patched__ object| __OPENREPLAY__ object| asayer

0 Cookies

2 Console Messages

Source Level URL
Text
recommendation verbose URL: https://microsoft.executive-mailsend.com/log-in?secure-sign-in=e2c0e287-52f4-49ec-8262-23b5a958e94e&company_name=ebay,n/a,openphish.com/feed.txt,11-aug-24,low,medium
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
network error URL: https://analytics.dunesecurity.io/ingest/v1/web/start
Message:
Failed to load resource: net::ERR_CONNECTION_REFUSED