assets-usa.mkt.dynamics.com
13.105.221.10 (Malicious Activity!) Public Scan

URL: https://assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/standaloneforms/964fa71d-f8f0-ee11-904b-7c1e5...
Submission: On April 03 via manual from CA — Scanned from CA

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 7 HTTP transactions. The main IP is 13.105.221.10, located in the United States, and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is assets-usa.mkt.dynamics.com. The Cisco Umbrella rank of the primary domain is 39200.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on January 26th 2024. Valid for: a year.
This is the only time assets-usa.mkt.dynamics.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious (1 vote)

Domain & IP information

Requests | IP Address    | AS (Autonomous System)
5        | 13.105.221.10 | 8075 (MICROSOFT...)
2        | 52.146.76.30  | 8075 (MICROSOFT...)
Total: 7 requests, 2 IPs

Requests | Apex Domain   | Subdomains                                                                                                            | Transfer
5        | dynamics.com  | assets-usa.mkt.dynamics.com (Cisco Umbrella Rank: 39200); public-usa.mkt.dynamics.com (Cisco Umbrella Rank: 64639)   | 9 KB
2        | azureedge.net | cxppusa1formui01cdnsa01-endpoint.azureedge.net (Cisco Umbrella Rank: 216729)                                          | 133 KB
Total: 7 requests, 2 apex domains

Requests | Domain                                         | Requested by
3        | assets-usa.mkt.dynamics.com                    | cxppusa1formui01cdnsa01-endpoint.azureedge.net
2        | public-usa.mkt.dynamics.com                    | cxppusa1formui01cdnsa01-endpoint.azureedge.net
2        | cxppusa1formui01cdnsa01-endpoint.azureedge.net | assets-usa.mkt.dynamics.com; cxppusa1formui01cdnsa01-endpoint.azureedge.net
Total: 7 requests, 3 domains

This site contains no links.

Subject                          | Issuer                                | Validity                 | Valid
assets-usa.mkt.dynamics.com      | Microsoft Azure RSA TLS Issuing CA 04 | 2024-01-26 to 2025-01-20 | a year (crt.sh)
*.azureedge.net                  | Microsoft Azure RSA TLS Issuing CA 03 | 2024-01-03 to 2024-12-28 | a year (crt.sh)
prdia888eus0aks.mkt.dynamics.com | Microsoft Azure RSA TLS Issuing CA 03 | 2024-02-29 to 2025-02-23 | a year (crt.sh)

This page contains 1 frames:

Primary Page: https://assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/standaloneforms/964fa71d-f8f0-ee11-904b-7c1e5214929d
Frame ID: 117CB83D5DD2BE72FCF98B9EA3849B9F
Requests: 6 HTTP requests in this frame

Screenshot


Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 142 kB
Size: 728 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Transaction 1 (Primary Request): 964fa71d-f8f0-ee11-904b-7c1e5214929d
Path: assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/standaloneforms/
Size: 491 B; transferred (x-fer): 784 B; type: Document

General
Full URL: https://assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/standaloneforms/964fa71d-f8f0-ee11-904b-7c1e5214929d
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 13.105.221.10, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: 27459edba31950b37f1fb41e9f0f5e17f146e46854a2050a1791d54546f1d5ac

Security Headers
Strict-Transport-Security: max-age=2592000; preload
X-Content-Type-Options: nosniff

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers
access-control-allow-origin: *
cache-control: public, max-age=900, must-revalidate
content-length: 491
content-type: text/html
date: Wed, 03 Apr 2024 14:13:26 GMT
strict-transport-security: max-age=2592000; preload
x-azure-ref: 0B2QNZgAAAAAd4OCq/83NQ5uBOfNEb/qhRE0yQUExMDkxMjA3MDM1AGQ2MTg2NmFhLWY2NDItNDM0NS1hYWRhLWU2MGE2NTZmMzJkNw==
x-cache: TCP_MISS
x-content-type-options: nosniff
x-ms-trace-id: 25fdb3a8a609b29d9324d1cc0201d105
Transaction 2: FormLoader.bundle.js
Path: cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/
Size: 694 KB; transferred (x-fer): 132 KB; type: Script

General
Full URL: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Requested by host: assets-usa.mkt.dynamics.com
Requested by URL: https://assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/standaloneforms/964fa71d-f8f0-ee11-904b-7c1e5214929d
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 13.105.221.10, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: 779b4fbe4a213e68edb39d99832b2eb3c3eeceb8dc06004ee5bffa104a56b239

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-usa.mkt.dynamics.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 14:13:26 GMT
content-encoding: br
last-modified: Tue, 27 Feb 2024 09:22:18 GMT
content-md5: /cK+TrVP9SHrX2yleu2uAw==
etag: 0x8DC3775981D513B
x-azure-ref: 0B2QNZgAAAABjkytQ+khzTqvUCj4dXPdCRE0yQUExMDkxMjA3MDM3ADhkNjMzOTE2LThlYjctNDAzNi05NDQ1LTI0NzM2ZjNlNDVlMA==
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 834800b7-501e-0099-6549-8399fc000000
x-ms-version: 2009-09-19
Transaction 3: 964fa71d-f8f0-ee11-904b-7c1e5214929d
Path: assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/forms/
Size: 28 KB; transferred (x-fer): 5 KB; type: Fetch

General
Full URL: https://assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/forms/964fa71d-f8f0-ee11-904b-7c1e5214929d
Requested by host: cxppusa1formui01cdnsa01-endpoint.azureedge.net
Requested by URL: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 13.105.221.10, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: 0d1ab156b98488ce3ee034dd62fcb85984757f27074038d61aae8d27b466bb45

Security Headers
Strict-Transport-Security: max-age=2592000; preload
X-Content-Type-Options: nosniff

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: text/plain
Referer: https://assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/standaloneforms/964fa71d-f8f0-ee11-904b-7c1e5214929d
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
strict-transport-security: max-age=2592000; preload
content-encoding: br
x-content-type-options: nosniff
date: Wed, 03 Apr 2024 14:13:27 GMT
x-ms-trace-id: ff1262e8682a08b8f67fbe3a7fe5a85a
x-azure-ref: 0CGQNZgAAAAD3GzNmnnDiT7uqWdydOD0RRE0yQUExMDkxMjA3MDM1AGQ2MTg2NmFhLWY2NDItNDM0NS1hYWRhLWU2MGE2NTZmMzJkNw==
x-cache: TCP_MISS
content-type: text/html
access-control-allow-origin: *
cache-control: public, max-age=900, must-revalidate
Transaction 4: translation.json
Path: cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/public/locales/en-us/
Size: 1 KB; transferred (x-fer): 883 B; type: Fetch

General
Full URL: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/public/locales/en-us/translation.json
Requested by host: cxppusa1formui01cdnsa01-endpoint.azureedge.net
Requested by URL: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 13.105.221.10, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: 491377db69c365d489c88bd4ac641d341b52e6a70b034390a5fc3d161268bca5

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://assets-usa.mkt.dynamics.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 14:13:27 GMT
content-encoding: br
last-modified: Tue, 27 Feb 2024 09:22:19 GMT
content-md5: 26wuv74Y6MfPODCvTEIOdw==
etag: 0x8DC377598F59007
x-azure-ref: 0CGQNZgAAAAABlTYJrk/2TKClvlq096DuRE0yQUExMDkxMjA3MDI1ADhkNjMzOTE2LThlYjctNDAzNi05NDQ1LTI0NzM2ZjNlNDVlMA==
x-cache: TCP_HIT
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 43d65a9f-c01e-0074-370d-855390000000
x-ms-version: 2009-09-19
Transaction 5: visits (CORS preflight)
Path: public-usa.mkt.dynamics.com/api/v1.0/orgs/308eefe3-a7e6-ee11-9046-000d3a98ad27/landingpageforms/forms/964fa71d-f8f0-ee11-904b-7c1e5214929d/
Size: 0; transferred (x-fer): 0; type: Preflight

General
Full URL: https://public-usa.mkt.dynamics.com/api/v1.0/orgs/308eefe3-a7e6-ee11-9046-000d3a98ad27/landingpageforms/forms/964fa71d-f8f0-ee11-904b-7c1e5214929d/visits
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.146.76.30, Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: (none; preflight response has no body)

Security Headers
Strict-Transport-Security: max-age=2592000; preload
X-Content-Type-Options: nosniff

Request headers
Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://assets-usa.mkt.dynamics.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com
Connection: keep-alive
Date: Wed, 03 Apr 2024 14:13:28 GMT
Server: nginx
Strict-Transport-Security: max-age=2592000; preload
x-content-type-options: nosniff
x-ms-trace-id: f6a627b5cb1e99a2cb1be966e21b3842
Transaction 6: 573de1a6-abe6-ee11-904d-6045bdd34369
Path: assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/images/
Size: 3 KB; transferred (x-fer): 4 KB; type: Image

General
Full URL: https://assets-usa.mkt.dynamics.com/308eefe3-a7e6-ee11-9046-000d3a98ad27/digitalassets/images/573de1a6-abe6-ee11-904d-6045bdd34369?ts=638465303509738995
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 13.105.221.10, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: ce87f10bb79c5c88d4d78554589e846f52df4da6905720f686d18839c902577b

Security Headers
Strict-Transport-Security: max-age=2592000; preload
X-Content-Type-Options: nosniff

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: (empty)
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
strict-transport-security: max-age=2592000; preload
date: Wed, 03 Apr 2024 14:13:28 GMT
x-content-type-options: nosniff
x-ms-trace-id: 0386116d936cfb10fedeb8374e25cbac
x-azure-ref: 0CGQNZgAAAADizHQsuT+TTa9E0L/Ti3E0RE0yQUExMDkxMjA3MDM1AGQ2MTg2NmFhLWY2NDItNDM0NS1hYWRhLWU2MGE2NTZmMzJkNw==
x-cache: TCP_MISS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
content-length: 3386
Transaction 7: visits
Path: public-usa.mkt.dynamics.com/api/v1.0/orgs/308eefe3-a7e6-ee11-9046-000d3a98ad27/landingpageforms/forms/964fa71d-f8f0-ee11-904b-7c1e5214929d/
Size: 43 B; transferred (x-fer): 425 B; type: Fetch

General
Full URL: https://public-usa.mkt.dynamics.com/api/v1.0/orgs/308eefe3-a7e6-ee11-9046-000d3a98ad27/landingpageforms/forms/964fa71d-f8f0-ee11-904b-7c1e5214929d/visits
Requested by host: cxppusa1formui01cdnsa01-endpoint.azureedge.net
Requested by URL: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.146.76.30, Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: 962553fbe9e7d65bf4c3e7e68834eefeddb471276d13933573a2d68d81c0edbc

Security Headers
Strict-Transport-Security: max-age=2592000; preload
X-Content-Type-Options: nosniff

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: (empty)
sec-ch-ua-platform: "Win32"

Response headers
Date: Wed, 03 Apr 2024 14:13:28 GMT
Strict-Transport-Security: max-age=2592000; preload
x-content-type-options: nosniff
Server: nginx
x-ms-trace-id: afaa1fef73214924936148f740cc2e34
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com
Connection: keep-alive

Verdicts & Comments


Verdict: Malicious (page.url)
Submitted on April 3rd 2024, 2:20:28 pm UTC — From Canada

Threats: Phishing
Brands: Office 365 US
Comment: Fake voicemail with a link forwarding to a fake Microsoft login page

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type     | Name
function | d365mktforms
object   | d365mkt

0 Cookies

Security Headers

This section lists any security headers set by the main page.

Strict-Transport-Security: max-age=2592000; preload
X-Content-Type-Options: nosniff