ms-365.net
Open in
urlscan Pro
185.136.156.118
Malicious Activity!
Public Scan
Submitted URL: http://ms-365.net/
Effective URL: https://ms-365.net/
Submission: On February 08 via automatic, source openphish
Effective URL: https://ms-365.net/
Submission: On February 08 via automatic, source openphish
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 21 HTTP transactions.
The main IP is 185.136.156.118, located in
Germany and
belongs to VELIANET-AS velia.net Internetdienste GmbH, DE.
The main domain is ms-365.net.
TLS certificate: Issued by R3 on February 1st 2021. Valid for: 3 months.
This is the only time ms-365.net was scanned on urlscan.io!
TLS certificate: Issued by R3 on February 1st 2021. Valid for: 3 months.
This is the only time ms-365.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 18 | 185.136.156.118 185.136.156.118 | 29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH) | |
| 3 | 2a02:26f0:6c0... 2a02:26f0:6c00:289::356e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2a02:26f0:6c0... 2a02:26f0:6c00:28b::356e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 21 | 3 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 18 |
ms-365.net
1 redirects
ms-365.net |
1 MB |
| 3 |
s-microsoft.com
c.s-microsoft.com |
92 KB |
| 1 |
microsoft.com
www.microsoft.com |
26 KB |
| 21 | 3 |
| Domain | Requested by | |
|---|---|---|
| 18 | ms-365.net |
1 redirects
ms-365.net
|
| 3 | c.s-microsoft.com |
ms-365.net
|
| 1 | www.microsoft.com |
ms-365.net
|
| 21 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| ms-365.net R3 |
2021-02-01 - 2021-05-02 |
3 months | crt.sh |
| www.microsoft.com Microsoft RSA TLS CA 01 |
2020-08-28 - 2021-08-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ms-365.net/
Frame ID: BC4B9BE2748869B8F150F6381BEEC4C4
Requests: 21 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://ms-365.net/
HTTP 302
https://ms-365.net/ Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ms-365.net/
HTTP 302
https://ms-365.net/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
ms-365.net/ Redirect Chain
|
29 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segoeui_light.woff2
ms-365.net/fonts/ |
10 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segoeui_regular.woff2
ms-365.net/fonts/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segoeui_semibold.woff2
ms-365.net/fonts/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segoeui_semilight.woff2
ms-365.net/fonts/ |
12 KB 12 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
unauth-b6dce2866b.css
ms-365.net/css/ |
140 KB 140 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sharedfontstyles-30d1fc43fd.css
ms-365.net/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fb-083993.css
ms-365.net/css/ |
165 KB 165 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
override.css
ms-365.net/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
RE1Mu3b.png
ms-365.net/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hero-xxl-b79c4b74fa.jpg
ms-365.net/images/ |
515 KB 515 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
unauth-vendor-320f34a99e.js
ms-365.net/js/ |
103 KB 103 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
sharedscripts-b0a68e18d1.js
ms-365.net/js/ |
51 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
unauth-5f5f2e67f5.js
ms-365.net/js/ |
57 KB 57 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ |
33 KB 34 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mwfmdl2-v3.54.woff
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/ |
26 KB 26 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segoeui_semibold.woff2
ms-365.net/versionless/webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/ |
29 KB 30 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segoeui_semibold.woff
ms-365.net/versionless/webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segoeui_semibold.ttf
ms-365.net/versionless/webfonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)64 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| getDefaultAadUser function| getDefaultMsaUser function| findDefaultSignedInUser function| convertAadUserData function| convertMsaUserData function| isValidMsaUser function| isValidAadUser function| getAadData function| getMsaData function| getAadMsaData function| getAccount object| AuthType object| Operation object| ErrorCode object| TimerUtils object| IframeUtils object| Constants object| LoggingUtils function| IdpUserResult function| DefaultSignInOptions boolean| enableConsoleLog boolean| msaFedEnabled function| $ function| jQuery object| StandaloneAriaLogger object| AWTPropertyType object| AWTPiiKind object| AWTEventPriority object| AWTEventsDroppedReason object| AWTEventsRejectedReason object| AWTCustomerContentKind object| AWTUserIdType object| AWTSessionState string| AWT_BEST_EFFORT string| AWT_NEAR_REAL_TIME string| AWT_REAL_TIME function| AWTEventProperties function| AWTLogger function| AWTLogManager function| AWTTransmissionManager function| AWTSerializer function| AWTSemanticContext string| AWT_COLLECTOR_URL_UNITED_STATES string| AWT_COLLECTOR_URL_GERMANY string| AWT_COLLECTOR_URL_JAPAN string| AWT_COLLECTOR_URL_AUSTRALIA string| AWT_COLLECTOR_URL_EUROPE string| AWT_COLLECTOR_URL_USGOV_DOD string| AWT_COLLECTOR_URL_USGOV_DOJ function| __awaiter function| __generator object| HomePage object| awa string| behaviorKey object| DefaultSignInHandler0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.s-microsoft.com
ms-365.net
www.microsoft.com
185.136.156.118
2a02:26f0:6c00:289::356e
2a02:26f0:6c00:28b::356e
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
2cd3ef7b5b677b7827bfbe5b926a283e7ca687ddb6b021fa4289630671ebd061
38d4ad2e76e8323af0bacf04cac745dfec0e77bbacf399bc4f470385d226d6c4
440d8292abdf80dd6e8a9d9faea83367ce57bd1a1a8d153edc358db5f97eff35
4af8a4569359528bd2c5912f8d080631752c70b654e1f9e27c3fe87db5daab98
4d9481536dbf3b0823d5254b666466873a2f577f1222a19aec88cd6157781f2c
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
57febfbad63b722a38bc668e67bc7c2dc02eca221f26db3a9303c1bd584a1a42
633894cf845287f205f1b5bd26b7667dda186695fce3d789306f30c5fbdb14b5
6df1f3e429fb8a70d03c2e32165615aa1f796ec1c81c8d2c588199a69a30b68b
71edbbdac41799addbc0f83b2286b4544e98215614a132708bcbd4f618cdcb80
a0b73831c650a86ab12dc9dc06f8745583ef21ee26ee7ffab155f10c9693f7d1
bb232fd09a6696ce21ec10a43b89933e12ad866dfde30a4a6a08e08082e6557d
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
eb4506c6341c8bed31416f698406b26cadf9773b1a70f65a6115bedf88960b02